| タイトル | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Remote Code Execution |
|---|
| 説明 | Bug Description:
A vulnerability in the Emergency Ambulance Hiring Portal 1.0 allows an unauthenticated attacker to execute code on the server by exploiting SQL injection and escalating it to remote code execution.
Steps to Reproduce:
# Exploit Title: Remote Code Execution in "searchdata" parameter of Emergency Ambulance Hiring Portal
# Date: 28-03-2024
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To exploit the vulnerability:
1- First visit this endpoint http://localhost/eahp/ambulance-tracking.php
2- Then write any random data in the "searchdata" parameter and intercept the request. Save the request in your local machine, then use the command below for sqlmap.
3- The screenshot below shows that the parameter is vulnerable to SQLi and thus we opened up a shell to execute system commands causing Remote Code Execution.
|
|---|
| ソース | ⚠️ https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md |
|---|
| ユーザー | dhabaleshwar (UID 58737) |
|---|
| 送信 | 2024年03月29日 12:02 (2 年 ago) |
|---|
| モデレーション | 2024年03月29日 15:27 (3 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 258680 [PHPGurukul Emergency Ambulance Hiring Portal 1.0 Ambulance Tracking Page ambulance-tracking.php searchdata SQLインジェクション] |
|---|
| ポイント | 20 |
|---|