Virtocommerce Beta 2.0 Arbitrary File Upload

# Affected software: Virtocommerce Beta 2.0
# Type of vulnerability:

unrestricted fileupload
# URL:http://virtocommerce.com/try-now/online-demo
# Discovered by: provensec
# Website: provensec.com

#version: 2.0
# Proof of concept

original request:http://prntscr.com/6q7joe

manipulated request:http://prntscr.com/6q7jvu

attacker can upload unallowed files by simple manipulating content type
and extension 

-- 

Best Regards,
Ankit Bharathan  /*Security Researcher*
[image: Provensec,llc] <http://provenec.com/>

ankit.b@provensec.com

Provensec,llc
http://provenec.com

P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*