This is a writeup describing a remote file upload vulnerability in SOOP Portal 2.0, allowing attackers to upload malicious ASP files disguised as images. The exploit involves registering on the site, navigating to the avatar upload section, and bypassing file extension restrictions.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:SOOP Portal 2.0
Auth required
Prerequisites:valid user account on the target system · access to the avatar upload functionality