MarketSaz remote file Upload Vulnerability

vendor:

MarketSaz

by:

NetQurd

8,8

CVSS

HIGH

Remote File Upload

264

CWE

Product Name: MarketSaz

Affected Version From: 1.0

Affected Version To: 1.2

Patch Exists: YES

Related CWE: CVE-2011-4010

CPE: cpe:a:marketsaz:marketsaz:1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux, PHP

2011

MarketSaz remote file Upload Vulnerability

MarketSaz is vulnerable to remote file upload. An attacker can upload a malicious file to the server and execute it.

Mitigation:

Upgrade to the latest version of MarketSaz.

Source

Exploit-DB raw data:

==========================================
MarketSaz remote file Upload Vulnerability
==========================================


#Exploit Title: MarketSaz remote file uploade

#Author: NetQurd (NetQurd@Live.com)

#Dork : English = Powered MarketSaz


#Software Link: http://www.marketsaz.com

#Platform :linux/php

#Exploit : http://target.com

#http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Example site: http://server

#Select the "File Upload" To use = php

#http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Sh3ll : http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php

#OR

#http://server/shell.php
# Spical Thanks To Net.Edit0r (Net.Edit0r@att.net)