Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CWE-434 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | Critical | Remote | 2019-06-19 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
/*! * ::- Title: Simple sales - Inventory System & POS v1.1 WebShell Upload * ::- Author: m0ze * ::- Date: 2019/04/13 * ::- Software: Simple sales - Inventory System & POS v1.1 */ ::- Details & Description -:: ~ WebShell upload capability was discovered in the Simple sales - Inventory System & POS. Current version of this web-application is 1.1. ::- Demo Website -:: ~ https://codecanyon.net/item/simple-sales-inventory-system-pos/22533347 ~ Backend: http://simplesales.itech-theme.com/login ~ Login / Password: [email protected] / 12345 ::- Special Note -:: ~ Declared option of this item with price $40 is: More secure platform. Clear on it all, I think. ::- Google Dork -:: ~ - ::- PoC Links -:: ~ http://simplesales.itech-theme.com/upload/1520778291.php ~ http://simplesales.itech-theme.com/upload/1520767280.php ~ http://simplesales.itech-theme.com/upload/1521738915.php ::- PoC [WebShell Upload] -:: ~ Go to the demo website http://simplesales.itech-theme.com/login and log in with provided credentials ([email protected] / 12345). Select any page with file upload form: Product, Category, Brands or Users, create a new item or edit any existed. You'll see the upload form w/o proper filtering, so it's possible to upload WebShell as .php, .php5 or .php7. Eg.: http://simplesales.itech-theme.com/product/edit/28, inspect uploaded file on the Product Image field.
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.