PHPAuctionSystem Upload Vulnerability

vendor:

PHPAuctionSystem

by:

Sid3^effects aKa HaRi

7,5

CVSS

HIGH

Upload Vulnerability

N/A

CWE

Product Name: PHPAuctionSystem

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

PHPAuctionSystem Upload Vulnerability

PHPAuctionSystem had various vulnerablities which was found. The exploit involves registering as a user, going to the 'sell an item' option, posting malicious code in the item description, and then checking the item to execute the malicious code and upload a shell.

Mitigation:

N/A

Source

Exploit-DB raw data:

Name : PHPAuctionSystem Upload Vulnerability
Date : june, 16 2010
Vendor url :http://www.phpauctions.info/
Critical Level     : HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
 

PHPAuctionSystem had various vulnerablities which was found 


#######################################################################################################

Xploit:Upload Vulnerability

 Step 1: register as a user :)
 
 Step 2: goto "sell an item" option

 DEMO URL :http://[site]/select_category.php?

 Step 3: post ur evil-code in the item description 

 Step 4:check your item and ur evil script is executed and upload your shell and enjoy :P

 demo url :http://[site]/sell.php :)


###############################################################################################################
# 0day no more 
# Sid3^effects