| Titre | The simple and beautiful PHP shopping cart system has a file upload vulnerability. |
|---|
| Description | The simple and beautiful PHP shopping cart system has a file upload vulnerability.
Vulnerability file location: / mkshop / Men / profile.php
look at this source code
```
$upload_ dir = 'profile/';
$imgExt = strtolower(pathinfo($imgFile,PATHINFO_EXTENSION));
$valid_ extensions = array('jpeg', 'jpg', 'png', 'gif');
```
Here, users are allowed to upload other files, such as PHP files, and can construct webshell to upload to the website, maliciously attack the website, and get the permission of the website.
https://s1.ax1x.com/2022/08/14/vUSyHH.png
Source link
https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| La source | ⚠️ https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| Utilisateur | qidian (UID 30810) |
|---|
| Soumission | 19/08/2022 14:58 (il y a 4 ans) |
|---|
| Modérer | 19/08/2022 21:42 (7 hours later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 206845 [SourceCodester Simple and Nice Shopping Cart Script /mkshop/Men/profile.php élévation de privilèges] |
|---|
| Points | 20 |
|---|