SecurityHome.eu Security vulnerability: Virtocommerce Beta 2.0 Arbitrary File Upload

Home / vulnerabilities PDF

Virtocommerce Beta 2.0 Arbitrary File Upload
Posted on 08 April 2015
Source : packetstormsecurity.org Link

# Affected software: Virtocommerce Beta 2.0
# Type of vulnerability:

unrestricted fileupload
# URL:http://virtocommerce.com/try-now/online-demo
# Discovered by: provensec
# Website: provensec.com

#version: 2.0
# Proof of concept

original request:http://prntscr.com/6q7joe

manipulated request:http://prntscr.com/6q7jvu

attacker can upload unallowed files by simple manipulating content type
and extension

--

Best Regards,
Ankit Bharathan /*Security Researcher*
[image: Provensec,llc] <http://provenec.com/>

ankit.b@provensec.com

Provensec,llc
http://provenec.com

P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20