| Title | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Remote Code Execution |
|---|
| Description | Bug Description:
A vulnerability in the Emergency Ambulance Hiring Portal 1.0 allows an unauthenticated attacker to execute code on the server by exploiting SQL injection and escalating it to remote code execution.
Steps to Reproduce:
# Exploit Title: Remote Code Execution in "searchdata" parameter of Emergency Ambulance Hiring Portal
# Date: 28-03-2024
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To exploit the vulnerability:
1- First visit this endpoint http://localhost/eahp/ambulance-tracking.php
2- Then write any random data in the "searchdata" parameter and intercept the request. Save the request in your local machine, then use the command below for sqlmap.
3- The screenshot below shows that the parameter is vulnerable to SQLi and thus we opened up a shell to execute system commands causing Remote Code Execution.
|
|---|
| Source | ⚠️ https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md |
|---|
| User | dhabaleshwar (UID 58737) |
|---|
| Submission | 03/29/2024 12:02 (2 years ago) |
|---|
| Moderation | 03/29/2024 15:27 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 258680 [PHPGurukul Emergency Ambulance Hiring Portal 1.0 Ambulance Tracking Page ambulance-tracking.php searchdata sql injection] |
|---|
| Points | 20 |
|---|