header-logo
Suggest Exploit
vendor:
Ppim
by:
Stack
7.5
CVSS
HIGH
Multiple Vulnerabilities
N/A
CWE
Product Name: Ppim
Affected Version From: 1
Affected Version To: 1
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities

Ppim v1.0 has two vulnerabilities, one is related to change password and other is related to upload. For change password, the user can go to the link http://localhost/ppim/changepassword.php and write their password and confirm it. For upload, the user can go to the link http://localhost/ppim/upload.php and upload a php shell. After that, they can go to http://localhost/ppim/shell.php to access the uploaded shell.

Mitigation:

The user should update the Ppim v1.0 to the latest version to mitigate the vulnerabilities.
Source

Exploit-DB raw data:

Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities
cript : Ppim v1.0
Download : http://scripts.ringsworld.com/organizers/ppim.zip
By Stack
Poc 1: change password
for change password go to this link
http://localhost/ppim/changepassword.php
writhe your password and confirm it

Poc 2 : upload
http://localhost/ppim/upload.php
you can upload you php shell in this link
after you go here
http://localhost/ppim/shell.php

# milw0rm.com [2008-08-11]

Navigation

Suggest Exploit

Services By CQR