fast-signup shell uploading

Exploit Author : Guardiran Security Team

Tested On : Ubuntu / Windows 8.1

Dork: inurl:fast-signup.php

Description : an uncontrolled profile image uploader enables an attacker to upload a shell remotely

POC: First find targets with the dork above and sign up, uploading a normal photo at this step. Then log in (sometimes it logs you in automatically). After that go to “My Photo”, click on “Manage My Photo”, then “Modify Photo 1”, and upload your shell.php here :) Open your profile photo (the shell you uploaded); the URL will look like this: http://sitedomain.com/photoprocess.php?image=memphoto1/209975shell.php&square=100

Change it to this form: http://sitedomain.com/memphoto1/123456shell.php Now you are done :) 123456 is a random number that the website prepends to your file name, so it can be anything else.

Bypass: On some targets I saw that they have denied .php files, so upload your shell as .PHP :)
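As an added example from the defensive side (not code from the advisory or from the affected site), here is a PHP upload handler that closes both gaps this write-up depends on: the extension-only, case-sensitive denylist that lets .PHP through, and a stored filename the uploader influences inside a web-served directory where PHP executes. The field name photo, the upload directory and the 2 MB limit are assumptions.

```php
<?php
// Added example: hardened profile-photo upload handler.
// $_FILES['photo'], $uploadDir and the size limit are assumed for illustration.

// The flawed pattern the advisory's ".PHP" bypass relies on: a case-sensitive
// denylist on the client-supplied name. "shell.PHP" passes because the string
// compare sees 'PHP' !== 'php', and nothing ever looks at the file's content.
function weakCheck(string $originalName): bool
{
    return pathinfo($originalName, PATHINFO_EXTENSION) !== 'php';
}

// Hardened version: allowlist of image types decided by the bytes, not the
// name; the stored name is generated by the server and never reuses the upload's.
function storeProfilePhoto(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }
    // Detect the MIME type from magic bytes, ignoring the client-supplied
    // filename and Content-Type header entirely.
    $finfo   = new finfo(FILEINFO_MIME_TYPE);
    $mime    = $finfo->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }
    // Server-chosen random name with a fixed extension taken from the detected
    // type: no part of the path comes from the uploader, so ".PHP", ".php.jpg"
    // or a null byte in the name have nothing to act on.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);  // readable by the web server, never executable
    return $name;
}

// Usage (assumed field name and directory):
// $stored = storeProfilePhoto($_FILES['photo'], '/var/www/uploads');
```

Independently of the handler, the upload directory should have script execution switched off at the web server (for Apache, `php_admin_flag engine off` in a `<Directory>` block for it; for nginx, a `location` rule that denies `.php` under the uploads path), so that a validation slip still does not turn a stored file into remote code execution.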
