##############################################################################
# Title: fast-signup shell uploading
# vendor: n/a
# Exploit Author : Guardiran Security Team
# Tested On : ubuntu / Windows 8.1
#
# Dork: inurl:fast-signup.php
#
# -----------------------------------------------
#
#
# Description :
# An unrestricted profile-image uploader lets an attacker upload a web shell remotely.
#
# POC:
# First find targets with the dork above and sign up, uploading a normal photo at this step. Then
# log in (sometimes it logs in automatically). After that go to "My Photo", click "Manage My Photo",
# then "Modify Photo 1", and upload your shell.php here :) Open your profile photo (the shell you uploaded);
# the URL will look like this:
# http://sitedomain.com/photoprocess.php?image=memphoto1/209975shell.php&square=100
#
# Change it to this form:
# http://sitedomain.com/memphoto1/123456shell.php
# Now you are done :)
# 123456 is a random number that the website adds to your file name, so it can be anything else.
#
# Bypass:
# On some targets I saw that they had denied .php files, so upload your shell as .PHP :)
#
##############################################################################
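The two weaknesses the advisory relies on are a case-sensitive extension blacklist (so ".PHP" slips through) and an upload directory that is served directly by the web server (so the random numeric prefix the site adds to the filename changes nothing, since the extension and the direct URL survive). The handler below is an added example written for this page, not code from the affected "fast-signup" script; the field name `photo`, the storage directory `private_photos` and the member-id naming scheme are assumptions. It shows the weak check for contrast, then a hardened replacement: the file type is decided from content rather than from the name, the image is re-encoded with GD so that a valid image carrying embedded script text does not survive, the stored name is generated on the server with no part of the original filename kept, the file lives outside the document root, and it is served only by a script that accepts a strictly whitelisted basename.

```php
<?php
// Added example, not the vulnerable application's own code.
// Assumptions: the upload arrives as $_FILES['photo']; PRIVATE_PHOTO_DIR is
// outside the web root so nothing in it is reachable as a direct URL.
const PRIVATE_PHOTO_DIR = __DIR__ . '/../private_photos';
const MAX_PHOTO_BYTES   = 2 * 1024 * 1024;

// --- The kind of check the advisory bypasses (shown for contrast; do not use) ---
function weak_is_blocked(string $clientName): bool
{
    // Case-sensitive blacklist: "shell.php" is refused, "shell.PHP" is accepted,
    // and the prefix the site adds ("123456shell.PHP") leaves the extension intact.
    return substr($clientName, -4) === '.php';
}

// --- Hardened validation: decide the type from the bytes, never from the name ---
function validate_image_upload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload error'];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'reason' => 'not an uploaded file'];
    }
    if ($file['size'] > MAX_PHOTO_BYTES) {
        return ['ok' => false, 'reason' => 'too large'];
    }
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        return ['ok' => false, 'reason' => 'not an image'];
    }
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    if (!isset($allowed[$info[2]])) {
        return ['ok' => false, 'reason' => 'image type not allowed'];
    }
    // Second opinion from libmagic; both checks must agree on an image type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
        return ['ok' => false, 'reason' => 'mime type not allowed'];
    }
    return ['ok' => true, 'ext' => $allowed[$info[2]]];
}

// Re-encode through GD and write under a server-generated name. Returns the
// stored basename; the caller keeps that in the member record.
function store_profile_photo(array $file, int $memberId): string
{
    $v = validate_image_upload($file);
    if (!$v['ok']) {
        throw new RuntimeException('Rejected upload: ' . $v['reason']);
    }
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Rejected upload: image could not be decoded');
    }
    // Nothing from the client-supplied filename is used: id + 16 random hex chars + known extension.
    $name = sprintf('%d_%s.%s', $memberId, bin2hex(random_bytes(8)), $v['ext']);
    $dest = PRIVATE_PHOTO_DIR . '/' . $name;
    $written = match ($v['ext']) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$written) {
        throw new RuntimeException('Could not write photo');
    }
    chmod($dest, 0644);
    return $name;
}

// Serving script: only a basename matching the generated pattern is ever read,
// so "?image=memphoto1/209975shell.php"-style paths are refused outright.
function serve_profile_photo(string $name): void
{
    if (!preg_match('/^\d+_[0-9a-f]{16}\.(jpg|png|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = PRIVATE_PHOTO_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . mime_content_type($path));
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}

// Usage (assumed request flow): on the "Modify Photo" form handler
//   $stored = store_profile_photo($_FILES['photo'], $currentMemberId);
// and on the photo-serving endpoint
//   serve_profile_photo($_GET['image'] ?? '');
```

As defence in depth, the web server should also refuse to execute scripts anywhere uploads could land (for Apache with mod_php, `php_admin_flag engine off` in that directory's configuration; for nginx, simply no `fastcgi_pass` location covering it), so that even a regression in the validation above cannot turn an uploaded file into a running one. On the detection side, the advisory's own traffic pattern is easy to alert on: a profile-photo upload whose filename ends in a script extension in any letter case, followed by a request for that file directly under the photo directory rather than through the serving script.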