This is a writeup describing an arbitrary shell upload vulnerability in ECommerce-TIBSECART. It outlines steps to exploit the vulnerability by registering, logging in, and uploading a malicious shell via the profile section.
Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target:ECommerce-TIBSECART
Auth required
Prerequisites:valid user account · access to profile upload functionality