| Title | Remote Code Execution Via LOGO upload On CodeAstro Point of Sale System in PHP Laravel v1.0 |
|---|
| Description | Impacted Project: https://codeastro.com/pos-system-in-php-laravel-with-source-code/
Description:
The above mentioned project is vulnerable to Authenticated Remote Code Execution via arbitrary File Upload, where a admin user can upload php web shell through the logo upload functionality and gain a shell access on the server.
Steps To Reproduce:
- Login to the System with your creds
- Got to Settings
- Upload a webshell on the Logo Pic upload
- Right click on the update profile pic and click on open in new tab
You can see the code will get executed.
Note: Checkout the attached POC Video for reference.
Impact:
The attacker can gain shell access on the server, depending on whether the application is running as root or low priv user the impact will vary.
But in any access the attacker will have a shell access to the server which then can be used to gain priv esc and take complete controll of the server.
Even a low priv shell can be used to delete the application level system files which can disrupt the business.
CVSS Score: 7.2
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1LIXuVmxby4QTY7v7dD-F0oRnwVVOwlmJ/view?usp=sharing |
|---|
| User | w3bspl01t3r (UID 39229) |
|---|
| Submission | 10/23/2023 23:39 (3 years ago) |
|---|
| Moderation | 10/26/2023 09:32 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 243602 [CodeAstro POS System 1.0 Logo /setting unrestricted upload] |
|---|
| Points | 20 |
|---|