SOOP Portal Raven 1.0b - Arbitrary File Upload

EDB-ID:

15703

CVE:

N/A


Author:

Sun Army

Type:

webapps


Platform:

ASP

Date:

2010-12-07


# Exploit Title: SOOP Portal Raven 1.0b Remote Upload Shell Vulnerability
# Google Dork: "Powered by SOOP Portal Raven 1.0b"
# Date: 06-12-2010
# Author: Sun Army
# Version: Raven 1.0b
# Tested on: Win 2003



##################### Exploit ###################
#      
#    1.Register On Site
#  
#     2.Shell Renamed to .asp.jpg  ( shell.asp.jpg  )
#
#     3.Go This Page  --> http://site/forum/register.asp?fpn=2 
#
#     4. Brows And Upload SHell
#
#      5. go http://site/forum/register.asp?fpn=2    --> List Avatars  --> Your 
Personal 
#            Avatar  --> select your Shell and View shell Address in text box
#
#    
#      Google Dork :   ""Powered by SOOP Portal Raven 1.0b"
#
################################################

#  Reported By Turk_Server

#   Team
#   MagicCoder,Plus,Mehdy007,BodyGuard,Nitrojen26,The-Mostafa

#   KinG,Bl4ckl0rd,Turk_server

#   Special Thanks : Farzad_Ho,R3dMind,rAbiN_hoOd,Falcon