| タイトル | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 Unrestricted Upload |
|---|
| 説明 | Unrestricted file upload vulnerability in upload.inc.php and related files allows unauthenticated attackers to upload arbitrary files (including PHP web shells) to the ./uploads/ directory. Although the filename is renamed with uniqid(), insufficient content validation and potential server misconfiguration can lead to remote code execution (RCE).
Create a malicious file containing PHP code (e.g., <?php system($_GET['cmd']); ?>).
Rename the file with an allowed extension (e.g., shell.jpg).
Submit the file via the upload form (parameter name dp).
The server renames the file using uniqid() but preserves the allowed extension.
If the ./uploads/ directory is web-accessible and the server executes PHP code regardless of extension (misconfiguration), the attacker can trigger the payload.
Example exploitation request (after upload):
GET /uploads/5f1a2b3c4d5e6f.jpg?cmd=id HTTP/1.1 |
|---|
| ソース | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
|---|
| ユーザー | g111 (UID 92409) |
|---|
| 送信 | 2026年04月27日 03:50 (1 月 ago) |
|---|
| モデレーション | 2026年05月24日 08:52 (27 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 365402 [KLiK SocialMediaWebsite 1.0 File upload.inc.php uniqid 特権昇格] |
|---|
| ポイント | 20 |
|---|