Home / exploits ViArt Shop 4.2.1 CSRF / XSS / SQL Injection / File Upload
Posted on 07 June 2015
ViArt Shop 4.2.1 Mullti Vulnerability ===================================== Author : indoushka Vondor : www.viart.com/ Dork : PHP Ecommerce Solutions by ViArt ========================================= XSS : C:AppServwwwviartarticles_rss.php Line : 190 echo $xml Remote/Local File Inclusion : C:AppServwwwviartads.php Line :21 include_once $language_code C:AppServwwwviartads_compare.php Line : 20 include_once $language_code C:AppServwwwviartads_details.php Line : 21 include_once $language_code C:AppServwwwviartfriendly_url.php Line : 266 include_once $page_name C:AppServwwwviartindex.php Line :17 include_once $language_code Sql Injection : C:AppServwwwviartads.php Line :68 mysqli::query $sql C:AppServwwwviartads_details.php Line :59 mysqli::query $sql File Access : C:AppServwwwviartdownload.php Line : 226 fopen $download_path C:AppServwwwviartinstall.php Line : 227 fopen $dump_sql File Upload : C:AppServwwwviartuser_forum_attachments.php Line : 153 move_uploaded_file $tmp_name,$filepath,$new_filename,$filepath,$errors,$filepath,$filepath,$errors,$filepath Editor Upload : http://localhost/viart/editor/editor_upload.html http://localhost/viart/editor/editor_select.html http://localhost/viart/js/dialogs/insert_image.html http://127.0.0.1/viart/images/editor/oo.jpg R/L inclusion : http://127.0.0.1/viart/editor/editor_select.php?root_dir=../images/WYSIWYG
