
iScripts Socialware Shell upload Vulnerability

Posted on 06 July 2010

=============================================
iScripts Socialware Shell upload Vulnerability
=============================================

Name : iScripts Socialware Shell upload Vulnerability
Critical Level : VERY HIGH
Vendor URL : http://www.iscripts.com/socialware/
Price : $147
Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com>
Special thanks to : Sid3^effects, r0073r (inj3ct0r.com), L0rd CruSad3r, M4n0j, Bunny, Nishi, MA1201, RJ, D3aD F0x
Greetz to : www.topsecure.net, All ICW members, iNj3cT0r.com, www.andhrahackers.com
Special Shoutz : my Girl Frnd [H*****]

#######################################################################################################

Description :

iScripts SocialWare is an award-winning, easy to use social networking software that enables you to create your own social network like MySpace, Orkut, Friendster, Linkedin, Facebook, Hi5, etc. iScripts SocialWare is an online community-building software that can be hosted on your servers to provide social networking services to your visitors. It is completely customizable, as the source code is not encrypted. You can brand the entire web site by setting your logo, brand information, marketing messages, custom support links, etc., on the application interface. As the application is hosted on your server, you have complete control over every aspect of the site. This is an easy way to implement a social network and will get your service up and running in minutes. iScripts SocialWare is for webmasters who would like to bring in large amount of viral traffic to their web site.

#######################################################################################################

Xploit : SQLi vulnerability
DEMO URL : http://www.iscripts.com/socialware/demo/popups/photos.php
Uploaded path : http://www.iscripts.com/socialware/demo/member_photos/

It may be possible to upload a shell as an image file.

#######################################################################################################
# ..::[ SONiC ]::.. aka the_pshyco
# profile http://inj3ct0r.com/author/2545
# Inj3ct0r.com [2010-07-06]
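For anyone maintaining a photo upload handler like the one this advisory concerns, the following is an added example, not code from iScripts SocialWare or from the advisory's author. It shows the server-side checks whose absence lets a script land in a web-served photo directory; the function name `store_member_photo`, the size limit and the sample files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not iScripts SocialWare code.
// Detected content type => extension the server assigns; anything else is rejected.
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Validates an upload by content and stores it under a server-chosen name.
function store_member_photo(string $tmpPath, string $destDir, int $maxBytes = 2097152): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('rejected: size');
    }
    // Type comes from the file's bytes, never from the client's file name or MIME header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext = is_string($mime) ? (ALLOWED_IMAGE_TYPES[$mime] ?? null) : null;
    if ($ext === null || @getimagesize($tmpPath) === false) {
        throw new RuntimeException('rejected: not an allowed image');
    }
    // Random name plus allowlisted extension: a client name such as "x.php" never reaches disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    // A real handler would call move_uploaded_file(); copy() keeps this demo runnable from the CLI.
    if (!copy($tmpPath, $destDir . '/' . $name)) {
        throw new RuntimeException('store failed');
    }
    return $name;
}

// Constructed samples: a minimal GIF header, and script text posing as a photo.
$dir = sys_get_temp_dir();
$samples = [
    'avatar.gif'  => "GIF89a\x01\x00\x01\x00\x80\x00\x00",
    'holiday.jpg' => "<?php echo 'not a photo';",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam($dir, 'up');
    file_put_contents($tmp, $bytes);
    try {
        $stored = store_member_photo($tmp, $dir);
        echo $clientName, ' -> stored as ', $stored, PHP_EOL;
        unlink($dir . '/' . $stored);
    } catch (RuntimeException $e) {
        echo $clientName, ' -> ', $e->getMessage(), PHP_EOL;
    }
    unlink($tmp);
}
```

A file can be a valid image and still carry script text after its header, so the upload directory should also be configured so that the web server never executes anything stored in it.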

 
