Unified Layer Shell Upload

`/------ Unified-Layer Unrestricted File Upload Exploit  
/------ Author: UmPire / [email protected]  
/------ Iran Security Group / iransec.net  
  
Hi guys,  
  
With this exploit, You can upload files with any extensions you want in sites that  
are hosted on unified layer and its children like bluehost, hostmonster, justhost, ...  
and also these sites themselves  
  
You know that there are many many sites out there on unified-layer and there are a huge  
amount of choice for you to hack by this.  
  
It's not important how you find target. It can be a plugin, finding by dorks and etc.  
  
Let's visit a site and look how we do it...  
Remember that it relates mostly on its existence on unified-layer, not the uploader script.  
  
  
Demo Video: http://www.youtube.com/watch?v=tY4vJtTuQbQ  
  
  
---=== POC ===---  
In any site from unified layer  
  
First, you should find an uploader  
It usually exists in contact forms or galleries. You can find more uploaders by searching an specific wordpress, joomla,... plugins.  
The amazing part is that it works also on WHMCS. But it's your duty to find the renamed file.  
  
Second, rename the file and add dots at the end before extension:  
example.php......jpg  
  
simple but nice  
  
Third, it will be uploaded with ease.  
  
  
---=== Notes ===---  
As you perhaps know, it was a paid exploit at first. I decided to publish it for free because of anniversary of the "Sacred Defense Week" of Iran. https://en.wikipedia.org/wiki/Sacred_Defence_Week  
It's better for bad guys not killing ppl in Gaza. The land will remain Palestine forever.  
At last, It's really good to be good. (g2g)  
Bye.  
`