header-logo
Suggest Exploit
vendor:
Vacation Rental Script
by:
Br0ly
8,8
CVSS
HIGH
Upload Shell
434
CWE
Product Name: Vacation Rental Script
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: NO
Related CWE: N/A
CPE: a:vacationrentalscript:vacation_rental_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Vacation Rental Script <= 4.0

A vulnerability exists in Vacation Rental Script <= 4.0 which allows an attacker to upload a malicious shell to the server. An attacker can register an account on the website and then login to the members area. From there, they can navigate to the profile page and upload a malicious shell disguised as an image file. The shell can then be accessed at http://server/public/upload/logos/youshell.php.jpg

Mitigation:

Ensure that all file uploads are properly validated and sanitized before being accepted. Additionally, ensure that all uploaded files are stored outside of the web root directory.
Source

Exploit-DB raw data:

 Script Name: Vacation Rental Script <= 4.0
  Site: http://www.vacationrentalscript.com/

Bug: Upload Shell
  Found: Br0ly
google dork: "2006 - 2009 Vacation Rental Script"  BraZIL!!

 You need register a account first so:

 Signup: http://server/signup

  Cheek your email for login and password

  So login in:

  http://server/members/login

  After login:
  Go to:

  http://server/members/profile

  at the bottom of the page you can upload a logo why not a lithe and nice
shell?

  Upload a shell type: shell.php.jpg or shell.php.jpeg

  after upload:

  http://server/public/upload/logos/youshell.php.jpg

Navigation

Suggest Exploit

Services By CQR