| Название | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Remote Code Execution |
|---|
| Описание | Bug Description:
A vulnerability in the Emergency Ambulance Hiring Portal 1.0 allows an unauthenticated attacker to execute code on the server by exploiting SQL injection and escalating it to remote code execution.
Steps to Reproduce:
# Exploit Title: Remote Code Execution in "searchdata" parameter of Emergency Ambulance Hiring Portal
# Date: 28-03-2024
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To exploit the vulnerability:
1- First visit this endpoint http://localhost/eahp/ambulance-tracking.php
2- Then write any random data in the "searchdata" parameter and intercept the request. Save the request in your local machine, then use the command below for sqlmap.
3- The screenshot below shows that the parameter is vulnerable to SQLi and thus we opened up a shell to execute system commands causing Remote Code Execution.
|
|---|
| Источник | ⚠️ https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md |
|---|
| Пользователь | dhabaleshwar (UID 58737) |
|---|
| Представление | 29.03.2024 12:02 (2 лет назад) |
|---|
| Модерация | 29.03.2024 15:27 (3 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 258680 [PHPGurukul Emergency Ambulance Hiring Portal 1.0 Ambulance Tracking Page ambulance-tracking.php searchdata SQL-инъекция] |
|---|
| Баллы | 20 |
|---|