The document describes an upload vulnerability in PHPAuctionSystem where an attacker can inject malicious code into the item description field during the 'sell an item' process, leading to arbitrary code execution. The steps outline a stored XSS or file upload attack vector, but no functional exploit code is provided.
Classification
Writeup 80%
Target:
PHPAuctionSystem (version unspecified)
Auth required
Prerequisites:
Registered user account · Access to 'sell an item' feature