Tuesday, September 15, 2015

Virtocommerce Beta 2.0 Arbitrary File Upload

# Affected software: Virtocommerce Beta 2.0
# Type of vulnerability: unrestricted file upload
# URL: http://virtocommerce.com/try-now/online-demo
# Discovered by: provensec
# Website: provensec.com

# Version: 2.0
# Proof of concept

Original request: http://prntscr.com/6q7joe

Manipulated request: http://prntscr.com/6q7jvu

An attacker can upload disallowed files by simply manipulating the content type
and extension.

-- 

Best Regards,
Ankit Bharathan / Security Researcher

ankit.b@provensec.com

Provensec,llc
http://provenec.com
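
A server-side check that closes the gap described in the advisory, shown as an added example: it is not part of the original advisory and is not Virtocommerce code. The function names, the allowlist and the sample uploads are assumptions constructed for illustration.

```python
import os
import uuid

# Allowlist (an assumption): extension -> (served content type, leading magic bytes).
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".pdf": ("application/pdf", b"%PDF-"),
}

def naive_accept(filename, declared_type, data):
    """Weak check: trusts the client-supplied Content-Type and nothing else."""
    return declared_type in {ctype for ctype, _ in ALLOWED.values()}

def validate_upload(filename, declared_type, data):
    """Return (stored_name, served_type) or raise ValueError; declared_type is ignored."""
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        raise ValueError("NUL byte in filename")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} is not allowed")
    served_type, magic = ALLOWED[ext]
    if not data.startswith(magic):
        raise ValueError("file content does not match its extension")
    # The server chooses the stored name and served type; client values are dropped.
    return uuid.uuid4().hex + ext, served_type

# Constructed sample uploads: (filename, declared Content-Type, body).
SAMPLES = [
    ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("invoice.html", "image/png", b"<html></html>"),  # declared type does not match
    ("invoice.png", "image/png", b"<html></html>"),   # extension changed as well
]

def compare(samples=SAMPLES):
    """Return (filename, naive_result, strict_result) for each sample."""
    rows = []
    for name, declared, data in samples:
        try:
            validate_upload(name, declared, data)
            strict = True
        except ValueError:
            strict = False
        rows.append((name, naive_accept(name, declared, data), strict))
    return rows
```

Magic bytes alone do not rule out polyglot files, so stored uploads should also sit outside any directory the server will execute and be served with the server-chosen type.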



I am just a newbie and a student; don't use this article for criminal