PHPAuctionSystem – Arbitrary File Upload

• Exploit Database
• 146 阅读

• 作者： Sid3^effects
  日期： 2010-06-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13892/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

  Name : PHPAuctionSystem Upload Vulnerability Date : june, 16 2010 Vendor url :http://www.phpauctions.info/ Critical Level : HIGH Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_ greetz to :All ICW members and my friends :) luv y0 guyz #######################################################################################################   PHPAuctionSystem had various vulnerablities which was found     #######################################################################################################   Xploit:Upload Vulnerability   Step 1: register as a user :) Step 2: goto "sell an item" option   DEMO URL :http://[site]/select_category.php?   Step 3: post ur evil-code in the item description   Step 4:check your item and ur evil script is executed and upload your shell and enjoy :P   demo url :http://[site]/sell.php :)     ############################################################################################################### # 0day no more # Sid3^effects