=================================================================
=================MemberKit 1.0 Remote File Upload================
=================================================================

Vendor: http://www.memberkit.com/
Discovered: 12-30-08
Discovered By: Lo$er
Dork: "Powered by MemberKit"

====Exploit====

After registering and logging in, a user can upload any type of file in "My Picture Album", where a picture would usually be uploaded; the upload is not restricted to image files.

For example, if the file "shell.php" was uploaded to somesite.com, its location would likely be

http://somesite.com/uploads/pictures/pictures/[user]/[picture number]_shell.php

The location of the file can also easily be found by using your browser's "view image" function where the image would appear regularly.

===<3===

lots of lub to (irc.)r00tsecurity.org and all of #r00tsecurity
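
For administrators checking an existing install, the following audit sketch (an added example, not part of the original advisory and not MemberKit code) walks the picture upload tree described above and flags every file that is not a plain image. The default root `uploads/pictures`, the image allowlist and the script-extension list are assumptions to adjust for the site being checked.

```python
import os
import sys

# Assumed allowlist: image extension -> accepted leading magic bytes.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed list of name segments a PHP-enabled web server may treat as script.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def classify(path):
    """Return None for an acceptable image, else a short reason string."""
    segments = os.path.basename(path).lower().split(".")[1:]
    if SCRIPT_EXTS.intersection(segments):
        return "script extension in file name"  # also catches x.php.gif
    ext = "." + segments[-1] if segments else ""
    if ext not in IMAGE_MAGIC:
        return "extension %r not in image allowlist" % ext
    with open(path, "rb") as fh:
        head = fh.read(16)
    if not head.startswith(IMAGE_MAGIC[ext]):
        return "content does not match %s signature" % ext
    return None


def audit_uploads(root):
    """Walk the upload tree; return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


if __name__ == "__main__":
    # Default root is an assumption based on the path layout in the advisory.
    root = sys.argv[1] if len(sys.argv) > 1 else "uploads/pictures"
    for rel, reason in audit_uploads(root):
        print("%s: %s" % (rel, reason))
```

A file that passes this audit can still carry script content after a valid image header, so pair it with server-side type checks in the upload handler and an upload directory configured not to execute scripts.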