| عنوان | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 Unrestricted Upload |
|---|
| الوصف | Unrestricted file upload vulnerability in upload.inc.php and related files allows unauthenticated attackers to upload arbitrary files (including PHP web shells) to the ./uploads/ directory. Although the filename is renamed with uniqid(), insufficient content validation and potential server misconfiguration can lead to remote code execution (RCE).
Create a malicious file containing PHP code (e.g., <?php system($_GET['cmd']); ?>).
Rename the file with an allowed extension (e.g., shell.jpg).
Submit the file via the upload form (parameter name dp).
The server renames the file using uniqid() but preserves the allowed extension.
If the ./uploads/ directory is web-accessible and the server executes PHP code regardless of extension (misconfiguration), the attacker can trigger the payload.
Example exploitation request (after upload):
GET /uploads/5f1a2b3c4d5e6f.jpg?cmd=id HTTP/1.1 |
|---|
| المصدر | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
|---|
| المستخدم | g111 (UID 92409) |
|---|
| ارسال | 27/04/2026 03:50 AM (1 شهر منذ) |
|---|
| الاعتدال | 24/05/2026 08:52 AM (27 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365402 [KLiK SocialMediaWebsite 1.0 File upload.inc.php uniqid تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|