Webiness Inventory 2.3 – ‘ProductModel’ Arbitrary File Upload

• Exploit Database
• 12 阅读

• 作者： Mehmet EMIROGLU
  日期： 2019-02-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46405/

• ===========================================================================================
  # Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
  # Dork: N/A
  # Date: 10-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/
  # Software Link: https://sourceforge.net/projects/webinessinventory/files/
  # Version: 2.3
  # Category: Webapps
  # Tested on: Wamp64, Windows
  # CVE: CVE-2019-8404
  # Software Description: Small stock inventory managment application for web.
  ===========================================================================================
  # POC:
  # Sign in to admin panel. then go to the inventory tab.
  Switch to the products tab and create a new product.
  In product image, click the browse button and select a file.
  https://i.hizliresim.com/OvrOOn.jpg
  When you save the product, the script is loaded with the error file to
  the server.
  for example service unvailable
  https://i.hizliresim.com/zjGqD4.jpg
  path to the file we uploaded
  https://i.hizliresim.com/XMbpp5.jpg
  # http://localhost/[PATH]/runtime/ProductModel/[FILE]
  ===========================================================================================