Simple sales - Inventory System & POS v1.1 WebShell Upload - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1634786 漏洞类型
发布时间 2019-06-19 更新时间 2019-06-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019060131
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*!
* ::- Title: Simple sales - Inventory System & POS v1.1 WebShell Upload
* ::- Author: m0ze
* ::- Date: 2019/04/13
* ::- Software: Simple sales - Inventory System & POS v1.1
*/
  
::- Details & Description -::
~ WebShell upload capability was discovered in the «Simple sales - Inventory System & POS». Current version of this web-application is 1.1.

::- Demo Website -::
~ https://codecanyon.net/item/simple-sales-inventory-system-pos/22533347
~ Backend: http://simplesales.itech-theme.com/login
~ Login / Password: admin@email.com / 12345

::- Special Note -::
~ Declared option of this item with price $40 is: «More secure platform». Clear on it all, I think.

::- Google Dork -::
~ -

::- PoC Links -::
~ http://simplesales.itech-theme.com/upload/1520778291.php
~ http://simplesales.itech-theme.com/upload/1520767280.php
~ http://simplesales.itech-theme.com/upload/1521738915.php

::- PoC [WebShell Upload] -::
~ Go to the demo website http://simplesales.itech-theme.com/login and log in with provided credentials (admin@email.com / 12345). Select any page with file upload form: «Product», «Category», «Brands» or «Users», create a new item or edit any existed. You'll see the upload form w/o proper filtering, so it's possible to upload WebShell as .php, .php5 or .php7. Eg.: http://simplesales.itech-theme.com/product/edit/28, «inspect» uploaded file on the «Product Image» field.