Campcodes Retro Basketball Shoes Online Store Unrestricted File Upload Vulnerability

Vulnerability

A critical file upload vulnerability exists in Campcodes Retro Basketball Shoes Online Store version 1.0, specifically within the admin_football.php file. The vulnerability allows remote attackers to upload malicious PHP scripts, such as web shells, because the application's file type and content validation can be bypassed. Once a malicious file is uploaded, attackers can execute commands on the server, access the file system, and steal sensitive information.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which can lead to the execution of arbitrary code on the server via uploaded web shells. Such exploitation could result in full system control, allowing the attacker to execute commands, manipulate files, access sensitive data, and potentially establish persistent backdoors for future access.

Reproduction

To reproduce this vulnerability, send a POST request to the /admin/admin_football.php file with the product_image parameter containing a PHP file disguised as an image. The upload will bypass the server's file type and content checks, allowing the execution of the uploaded PHP script as a web shell.

Remediation

To address this vulnerability, implement strict server-side file upload validation: allow-list the permitted file types, verify MIME types, and inspect file contents for executable script signatures. Additionally, configure the web server to block access to uploaded PHP files and monitor for suspicious upload activity.
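The following is an added example of an upload handler that applies the controls listed above; it is not code from the Campcodes project. The `product_image` field name comes from this advisory; the upload directory, size limit, and the way the handler is invoked are assumptions for illustration.

```php
<?php
// Added example (not the store's own code): a hardened image upload handler
// applying the remediation steps from the advisory. UPLOAD_DIR and MAX_BYTES
// are assumed values; "product_image" is the field name named in the advisory.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../uploads/products'; // assumed; keep outside the web root if possible
const MAX_BYTES  = 2 * 1024 * 1024;                  // assumed 2 MiB limit

// Allow-list of accepted image types: detected MIME type => extension we assign.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

/**
 * Validates one entry of $_FILES and moves it into UPLOAD_DIR under a
 * server-chosen name. Returns the stored file name; throws on any failure.
 */
function storeProductImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, PHP error code ' . ($file['error'] ?? 'unknown'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a file uploaded via HTTP POST');
    }
    if ((int) $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File exceeds size limit');
    }

    // 1. Determine the type from the bytes on disk. $file['type'] and the client
    //    filename are attacker-controlled and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Rejected MIME type: ' . var_export($mime, true));
    }

    // 2. Require that the file actually decodes as an image of that same type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || ($info['mime'] ?? null) !== $mime) {
        throw new RuntimeException('File is not a valid image of the detected type');
    }

    // 3. Reject PHP open tags anywhere in the content (a polyglot image could
    //    carry them). Only "<?php" and "<?=" are matched: JPEG XMP metadata
    //    legitimately contains "<?xpacket ... ?>", so a bare "<?" would false-positive.
    $contents = file_get_contents($file['tmp_name']);
    if ($contents === false || preg_match('/<\?(php\b|=)/i', $contents) === 1) {
        throw new RuntimeException('Embedded PHP script signature found');
    }

    // 4. Ignore the client filename entirely: random name, extension from the detected type.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Upload directory unavailable');
    }
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // never executable
    return $name;
}

// Assumed invocation from the admin page on a form POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['product_image'])) {
    try {
        $stored = storeProductImage($_FILES['product_image']);
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        // Log every rejection so upload abuse shows up in monitoring.
        error_log('Rejected product_image upload from ' . ($_SERVER['REMOTE_ADDR'] ?? '?') . ': ' . $e->getMessage());
        echo 'Upload rejected';
    }
}
```

The handler is only half of the fix: the upload directory should also be served with PHP execution disabled (for Apache, a `php_admin_flag engine off` or a `<FilesMatch "\.php$">` deny rule in that directory; for nginx, simply not routing that location to PHP-FPM), so that even a file that slips past validation is returned as static bytes rather than interpreted.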

Added: Nov 19, 2025, 9:23 PM
Updated: Nov 19, 2025, 9:23 PM

Vulnerability Rating (Custom Algorithm)

spread:          0.0
impact:         10.0
exploitability:  4.2
remediation:     0.0
relevance:       1.1
threat:          6.4
urgency:         2.9
incentive:       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.