Advertisement






Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload

CVE Category Price Severity
CWE-264 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2019-02-11
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019020097

Below is a copy:

Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
==================================================================================
# Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
# Dork: N/A
# Date: 10-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/
# Software Link: https://sourceforge.net/projects/webinessinventory/files/
# Version: 2.3
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Small stock inventory managment application for web.
==================================================================================
# POC:
# Sign in to admin panel. then go to the inventory tab.
  Switch to the products tab and create a new product.
  In product image, click the browse button and select a file.
  https://i.hizliresim.com/OvrOOn.jpg
  When you save the product, the script is loaded with the error file to the server.
  for example service unvailable
  https://i.hizliresim.com/zjGqD4.jpg
  path to the file we uploaded
  https://i.hizliresim.com/XMbpp5.jpg
# http://localhost/[PATH]/runtime/ProductModel/[FILE]
==================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.