PHPAuctionSystem – Arbitrary File Upload

  • Author: Sid3^effects
    Date: 2010-06-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/13892/
  • Name : PHPAuctionSystem Upload Vulnerability
    Date : june, 16 2010
    Vendor url :http://www.phpauctions.info/
    Critical Level : HIGH
    Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
    special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
    greetz to :All ICW members and my friends :) luv y0 guyz 
    #######################################################################################################
     
    
    PHPAuctionSystem had various vulnerabilities which were found 
    
    
    #######################################################################################################
    
    Xploit:Upload Vulnerability
    
     Step 1: register as a user :)
     
     Step 2: goto "sell an item" option
    
     DEMO URL :http://[site]/select_category.php?
    
     Step 3: post ur evil-code in the item description 
    
     Step 4: check your item and ur evil script is executed and upload your shell and enjoy :P
    
     demo url :http://[site]/sell.php :)
    
    
    ###############################################################################################################
    # 0day no more 
    # Sid3^effects
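
Hardened handling for the two inputs the steps above rely on (the item description and a seller's upload), added here as an example; it is not PHPAuctionSystem code and not part of the advisory. The function names and sample inputs are hypothetical, and it assumes the description is shown as HTML text, that item pictures are the only uploads a seller needs, and that PHP's fileinfo extension is enabled.

```php
<?php
// Added example with hypothetical helper names; not PHPAuctionSystem code.

// Assumption: item pictures are the only uploads a seller needs.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Encode a stored description for an HTML text context, so markup typed
// into the "sell an item" form is displayed instead of interpreted.
function render_description(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Pick the name an upload is stored under, or null to reject it.
// The type is read from the file content (fileinfo extension), and the
// name and extension are chosen by the server, never by the client.
function stored_upload_name(string $bytes): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed sample inputs: a description carrying markup, the header
// of a tiny GIF, and a text file containing PHP source.
$description = "Vintage lamp <script>alert(1)</script>\nWorks fine";
$gif         = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$script      = "<?php echo 'hello'; ?>";

echo render_description($description), PHP_EOL;
var_dump(stored_upload_name($gif));
var_dump(stored_upload_name($script));
```

The content-type check on its own does not make an upload safe to serve. The server-chosen extension matters as much, and the upload directory should be one where the web server does not execute scripts.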