Full title: Pandora 3.1 Auth Bypass / Arbitrary File Upload Vulnerabilities 
Category: remote exploits
Platform: php
This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an exercise in the Metasploit Mastery Class at Blackhat that was facilitated by egypt and mubix.

# 0day.today @ http://0day.today/