Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload

2019-02-18 19:05:16

===========================================================================================
# Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
# Dork: N/A
# Date: 10-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/
# Software Link: https://sourceforge.net/projects/webinessinventory/files/
# Version: 2.3
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: CVE-2019-8404
# Software Description: Small stock inventory managment application for web.
===========================================================================================
# POC:
# Sign in to admin panel. then go to the inventory tab.
Switch to the products tab and create a new product.
In product image, click the browse button and select a file.
https://i.hizliresim.com/OvrOOn.jpg
When you save the product, the script is loaded with the error file to
the server.
for example service unvailable
https://i.hizliresim.com/zjGqD4.jpg
path to the file we uploaded
https://i.hizliresim.com/XMbpp5.jpg
# http://localhost/[PATH]/runtime/ProductModel/[FILE]
===========================================================================================

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.