header-logo
Suggest Exploit
vendor:
Add An Ad Cart and Add An Event
by:
MR.Z
9.3
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: Add An Ad Cart and Add An Event
Affected Version From: Add An Ad Cart and Add An Event
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Add An Ad Script ~ Remote PHP File Upload

The vulnerability allows an attacker to upload a malicious file to the vulnerable server. The attacker can then access the uploaded file and execute arbitrary code on the server. The vulnerability exists in the uploadfile.php script, which is used to upload files to the server. The script does not properly validate the uploaded file, allowing an attacker to upload a malicious file.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all uploaded files are properly validated before being stored on the server. Additionally, the server should be configured to only allow certain file types to be uploaded.
Source

Exploit-DB raw data:

################################################
|
| Add An Ad Script ~ Remote PHP File Upload
|
| it works with Add An Ad Cart script and Add An Event script
|
| Site : http://www.addanad.com/
|
| Download :
| http://www.addanad.com/addanad/product.php?id=1 [ Add An Ad Cart ]
| http://www.addanad.com/addanad/product.php?id=14 [ Add An Event ]
|
| Found by : MR.Z
|
|Contact : tzar-rules-da-world@hotmail.com
################################################
|
|Dork : in your dreams :)
|
|Exploit :
|
| 1- go to www.site.com/path/adminscripts/uploadfile.php
| 2- select your shell and upload
| 3- the script will show the shell link after uploading
|
################################################
|
|Greetz :- all muslims , ViRuSMaN , Evil - Coder and all member of [www.Islam-Attack.com]
|
################################################