| عنوان | Remote Code Execution On CodeAstro Point of Sale System in PHP Laravel v1.0 |
|---|
| الوصف | Impacted Project: https://codeastro.com/pos-system-in-php-laravel-with-source-code/
Description:
The above mentioned project is vulnerable to Authenticated Remote Code Execution via arbitrary File Upload, where a user can upload php web shell thorugh the profile pic upload functionality and gain a shell access on the server.
Steps To Reproduce:
- Login to the System with your creds
- Got to profile page
- Upload a webshell
- Right click on the update profile pic and click on open in new tab
You can see the code will get executed.
Note: Checkout the attached POC Video for reference.
Impact:
The attacker can gain shell access on the server, depending on whether the application is running as root or low priv user the impact will vary.
But in any access the attacker will have a shell access to the server which then can be used to gain priv esc and take complete controll of the server.
Even a low priv shell can be used to delete the application level system files which can disrupt the business.
Since the vulnerability can even be exploited by a low level user on the application the impact is quite high.
CVSS Score: 8.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|---|
| المصدر | ⚠️ https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing |
|---|
| المستخدم | w3bspl01t3r (UID 39229) |
|---|
| ارسال | 23/10/2023 11:05 PM (3 سنوات منذ) |
|---|
| الاعتدال | 26/10/2023 09:30 AM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 243601 [CodeAstro POS System 1.0 Profile Picture /profil تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|