/------ Unified-Layer Unrestricted File Upload Exploit
/------ Author: UmPire / ranrep0ker@yahoo.com
/------ Iran Security Group / iransec.net

Hi guys,

With this exploit, You can upload files with any extensions you want in sites that
are hosted on unified layer and its children like bluehost, hostmonster, justhost, ...
and also these sites themselves

You know that there are many many sites out there on unified-layer and there are a huge
amount of choice for you to hack by this.

It's not important how you find target. It can be a plugin, finding by dorks and etc.

Let's visit a site and look how we do it...
Remember that it relates mostly on its existence on unified-layer, not the uploader script.


Demo Video: http://www.youtube.com/watch?v=tY4vJtTuQbQ


---=== POC ===---
In any site from unified layer

First, you should find an uploader
   It usually exists in contact forms or galleries. You can find more uploaders by searching an specific wordpress, joomla,... plugins.
The amazing part is that it works also on WHMCS. But it's your duty to find the renamed file.

Second, rename the file and add dots at the end before extension:
   example.php......jpg
  
   simple but nice

Third, it will be uploaded with ease.


---=== Notes ===---
As you perhaps know, it was a paid exploit at first. I decided to publish it for free because of anniversary of the "Sacred Defense Week" of Iran. https://en.wikipedia.org/wiki/Sacred_Defence_Week
It's better for bad guys not killing ppl in Gaza. The land will remain Palestine forever.
At last, It's really good to be good. (g2g)
Bye.