https://www.exploit-db.com/exploits/21590
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-170

PhpAuction是一款免费开放源代码的基于WEB的拍卖系统，使用PHP+MYSQL实现。PHPAuction中的login.php对用户提交的URL请求缺少正确判断，远程攻击者可以利用这个漏洞建立管理员权限的用户帐户。PHPAuction中的/admin/login.php脚本只检查$action是否设置为”insert”，如果是的情况下，就直接转向在管理员用户表中插入用户名和密码操作，攻击者可以提交非法URL请求导致在系统中增加具有管理员权限的帐户。

source: http://www.securityfocus.com/bid/5141/info

PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine.

A flaw in /admin/login.php has been reported in PHPAuction, which could allow users to gain escalated privileges.

Submitting authentication credentials via login.php will create the user account with adminsitrative permissions. 

curl http://pro.phpauction.org/proplus/admin/login.php -d "action=insert" -d "username=test" -d "password=test"

来源:BID
名称:5141
链接:http://www.securityfocus.com/bid/5141
来源:www.phpauction.org
链接:http://www.phpauction.org/viewnew.php?id=5
来源:XF
名称:phpauction-admin-account-creation(9462)
链接:http://www.iss.net/security_center/static/9462.php
来源:BUGTRAQ
名称:20020702PHPAuctionbug
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html