Freelancer Marketplace Script Upload Vulnerability

==================================================
Freelancer Marketplace Script Upload Vulnerability
==================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Freelancers Marketplace Script Upload Vulnerability
Date : july 17,2010
Critical Level     : HIGH
vendor URL :http://www.guruscript.com/
google dork:Powered by Guruscript.com
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,SeeMe,RoadKiller
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz

NOtice : The persistent Xss and upload vuln is in other 2 versions also namely Plus,Gold scripts
#######################################################################################################
Description:
Freelancers Marketplace Script is an Extensive and Powerful script written in PHP and Ajax to launch your own Freelancers website. Create

your own global talent search marketplace with this script. Service seekers can post their requirements through this script and the service

providers can place their bids for doing the job. Highly configurable features and fully customizable colors, styles, fonts and graphics make

this script very very special.
#######################################################################################################
Xploit: Persistent Upload Vulnerability

Step 1 : Register as a user.

Step 2 : Now go and post your project
DEMO URL :http://freelancerclonescript.com/post_project.php

Step 3 : The attacker can insert thier evil scripts or shells  in the "describe" section.

Step 4 : Now check the main sites for the projects and you may find your script or shell  ;)
DEMO URL : http://freelancerclonescript.com/all_projects.php
#######################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2018-03-10]  #