Submission #224608: Remote Code Execution On CodeAstro Point of Sale System in PHP Laravel v1.0 Info

Title: Remote Code Execution On CodeAstro Point of Sale System in PHP Laravel v1.0

Description:
Impacted Project: https://codeastro.com/pos-system-in-php-laravel-with-source-code/

Description: The above-mentioned project is vulnerable to Authenticated Remote Code Execution via arbitrary File Upload, where a user can upload a PHP web shell through the profile pic upload functionality and gain shell access on the server.

Steps To Reproduce:
- Log in to the System with your creds
- Go to the profile page
- Upload a webshell
- Right-click on the updated profile pic and click on "open in new tab"
You can see the code will get executed.

Note: Check out the attached POC Video for reference.

Impact: The attacker can gain shell access on the server; depending on whether the application is running as root or a low-priv user, the impact will vary. But in any case the attacker will have shell access to the server, which can then be used to gain priv esc and take complete control of the server. Even a low-priv shell can be used to delete application-level system files, which can disrupt the business. Since the vulnerability can even be exploited by a low-level user on the application, the impact is quite high.

CVSS Score: 8.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source ⚠️: https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing
User: w3bspl01t3r (UID 39229)
Submitted: 2023-10-23 23:05 (3 years ago)
Moderation: 2023-10-26 09:30 (2 days later)
Status: Accepted
VulDB Entry: 243601 [CodeAstro POS System 1.0 Profile Picture /profil privilege escalation]
Points: 20
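The bug class the submission describes (profile-picture upload keeps the client's filename and drops the file where the web server executes PHP) is shown below as an added illustration. This is hypothetical code written for this page: it is not CodeAstro's controller and not the submitter's PoC, and the class name, route, the `profile_pic` field, the `local` disk and the `picture` column are all assumptions. The first method reproduces the vulnerable pattern; the second is the hardened form a reviewer would expect.

```php
<?php
// Hypothetical Laravel controller (added example, NOT the CodeAstro project's code).
// Assumed routes, behind the 'auth' middleware:
//   Route::post('/profile/picture', [ProfilePictureController::class, 'update']);
//   Route::get('/profile/picture',  [ProfilePictureController::class, 'show']);

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;

class ProfilePictureController extends Controller
{
    // VULNERABLE pattern: the client-chosen name (e.g. "shell.php") is kept and the file
    // is written under public/, so a request for /uploads/profile/shell.php runs it.
    public function updateVulnerable(Request $request)
    {
        $file = $request->file('profile_pic');
        $name = $file->getClientOriginalName();             // attacker-controlled
        $file->move(public_path('uploads/profile'), $name); // inside the document root
        $request->user()->update(['picture' => 'uploads/profile/' . $name]);
        return back();
    }

    // HARDENED version of the same handler.
    public function update(Request $request)
    {
        $data = $request->validate([
            // 'image' and 'mimes' inspect the content (finfo), not the client's extension
            'profile_pic' => ['required', 'file', 'image', 'mimes:jpg,jpeg,png', 'max:2048'],
        ]);
        $file = $data['profile_pic'];

        // Derive the extension from the detected MIME type; never reuse the client's name.
        $ext = match ($file->getMimeType()) {
            'image/jpeg' => 'jpg',
            'image/png'  => 'png',
            default      => abort(422, 'Unsupported image type'),
        };

        // Re-encode through GD: a real JPEG/PNG with PHP appended or hidden in metadata
        // (a polyglot that passes the MIME check) comes out as pixels only.
        $src = $ext === 'png'
            ? @imagecreatefrompng($file->getRealPath())
            : @imagecreatefromjpeg($file->getRealPath());
        if ($src === false) {
            abort(422, 'Not a decodable image');
        }
        ob_start();
        $ext === 'png' ? imagepng($src) : imagejpeg($src, null, 90);
        $bytes = ob_get_clean();
        imagedestroy($src);

        // Random name on the 'local' disk (storage/app/...), which sits outside public/
        // and is never mapped to the PHP interpreter by the web server.
        $path = 'profile-pics/' . Str::uuid() . '.' . $ext;
        Storage::disk('local')->put($path, $bytes);

        $request->user()->update(['picture' => $path]);
        return back();
    }

    // Serve the picture through the application so it never needs to live under public/.
    public function show(Request $request)
    {
        $path = $request->user()->picture;
        abort_unless($path && Storage::disk('local')->exists($path), 404);
        return Storage::disk('local')->response($path);
    }
}
```

To verify a fix of this kind, repeat the submitter's steps: upload a file named `shell.php` containing `<?php system($_GET['c']); ?>`; the hardened handler rejects it with HTTP 422, and a polyglot (a valid JPEG with that payload appended) is accepted but stored as a re-encoded image with a random `.jpg` name outside the document root, so opening it in a new tab returns only image bytes. As defence in depth, also configure the web server to refuse PHP execution under any upload directory that remains in `public/`.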
