Campcodes Retro Basketball Shoes Online Store Unrestricted File Upload Vulnerability

Vulnerability

A critical file upload vulnerability has been identified in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue resides in the file '/admin/admin_running.php', where the 'product_image' argument can be manipulated to bypass file type and content validation, allowing for the unrestricted upload of malicious PHP scripts, such as web shells. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which can lead to the execution of uploaded PHP scripts on the server, potentially giving an attacker full control over the system.

Reproduction

To reproduce this vulnerability, send a POST request to '/admin/admin_running.php' with the 'product_image' parameter containing a PHP file disguised as an image. The uploaded file will be saved in a web-accessible directory, where it can be executed as a script.

Remediation

Harden the upload handler by allow-listing permitted file types, inspecting file contents to confirm they are genuine images rather than executable scripts, and storing uploaded files outside the web root. In addition, monitoring for anomalous requests to the upload endpoint that could indicate exploitation attempts helps detect and respond to attacks.
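The following is an added example of what the recommended controls look like in a PHP upload handler; it is not the vendor's code from '/admin/admin_running.php'. The field name 'product_image' is taken from the advisory; the storage path, size limit and function names are assumptions. The handler never trusts the client-supplied file name or MIME type: it allow-lists extensions, sniffs the content with finfo and getimagesize, rejects embedded PHP open tags, renames the file to a random server-generated name, and moves it to a directory the web server does not serve.

```php
<?php
// Added example, not the application's own code.
// Assumed: UPLOAD_DIR is outside the document root and is never served directly.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app-data/product_images'; // assumption: not under the web root
const MAX_BYTES  = 2 * 1024 * 1024;                 // 2 MiB, an assumed limit

// Allow-list: permitted extension => MIME type the bytes must sniff as.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry and return its allow-listed extension,
 * or throw with a reason. $_FILES['name'] and $_FILES['type'] are never trusted.
 */
function validate_image_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Extension allow-list. Only the final extension is considered, and a
    //    permitted extension still has to pass every content check below.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. MIME type sniffed from the bytes on disk, not from $_FILES['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match extension");
    }

    // 3. The file must actually decode as an image of the claimed type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== ALLOWED[$ext]) {
        throw new RuntimeException('file does not decode as an image');
    }

    // 4. Defence in depth: a valid image can still carry PHP open tags in
    //    metadata, which only matter if the file is ever handed to the PHP engine.
    $bytes = file_get_contents($file['tmp_name']);
    if ($bytes === false || stripos($bytes, '<?php') !== false || stripos($bytes, '<?=') !== false) {
        throw new RuntimeException('embedded script tag found');
    }

    return $ext;
}

/**
 * Move a validated upload to UPLOAD_DIR under a random, server-generated name
 * and return that name for storage in the product record.
 */
function store_image_upload(array $file): string
{
    $ext  = validate_image_upload($file);
    $name = bin2hex(random_bytes(16)) . '.' . $ext; // client-supplied name is discarded
    $dest = UPLOAD_DIR . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the application user, not executable
    return $name;
}

// Usage in the admin handler; the field name comes from the advisory.
if (isset($_FILES['product_image'])) {
    try {
        $stored = store_image_upload($_FILES['product_image']);
        // Persist $stored with the product and serve it later through a read-only
        // endpoint that streams the bytes with an image Content-Type header.
    } catch (RuntimeException $e) {
        error_log('rejected product_image upload: ' . $e->getMessage());
        http_response_code(400);
        exit('upload rejected');
    }
}
```

The string scan in step 4 is a secondary control, not the primary one: the property that actually prevents execution is that the stored file lives outside the web root and is served back as static bytes, never by the PHP interpreter. The error_log call also gives operations a concrete signal to alert on, in line with the monitoring recommendation above.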

Added: Dec 8, 2025, 6:20 AM
Updated: Dec 8, 2025, 6:20 AM

Vulnerability Rating

Custom Algorithm
  spread           0.0
  impact          10.0
  exploitability   4.2
  remediation      0.0
  relevance        1.4
  threat           6.4
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.