CVE-2023-1433: bug_report/UPLOAD.md at main · zhengjiashengbaba/bug_report
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223215.
Gadget Works Online Ordering System v1.0 has an arbitrary file upload vulnerability
BUG_Author: zhengjiasheng
Website source address: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html
Vulnerability url: /philosophy/admin/products/controller.php?action=add
The POST form-data parameter 'filename' allows arbitrary file upload: the client-supplied filename, including its extension, decides what is written to the server.
Steps to reproduce
1. Go to the admin dashboard and log in:
http://localhost/philosophy/admin/login.php
System admin access information:
Username: janobe  Password: admin
2. Click Products, then click "+ News" and select Products.
3. Upload a picture containing a web shell (an image "Trojan horse") and, with the request intercepted in Burp Suite, append the .php suffix to the filename in the multipart 'filename' field.
4. Browse to the URL of the uploaded file: because it is stored with a .php extension, the server executes the embedded PHP and arbitrary commands can be run,
for example the dir command.
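The root cause described above is that the server trusts the extension in the multipart filename. The following is an added example, not code from the Gadget Works project or from the reporter, written in Python for illustration: it places the insecure pattern (keep whatever name the client sent) next to a hardened variant that applies an extension allowlist, a magic-byte check against the claimed image type, and a server-chosen random filename. The upload directory name, the allowlist and the sample payloads are assumptions constructed for the example.

```python
import os
import re
import secrets
from typing import Optional

# Constructed for this example: accepted image extensions and the leading
# bytes each one must start with. Anything else is rejected.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}

UPLOAD_DIR = "uploads"  # assumed web-accessible directory


def vulnerable_target(filename: str, upload_dir: str = UPLOAD_DIR) -> str:
    """Mirrors the reported weakness: the client-controlled filename is kept
    verbatim, so a multipart filename of 'shell.php' lands in the web root
    as an executable script."""
    return os.path.join(upload_dir, os.path.basename(filename))


def hardened_target(filename: str, data: bytes,
                    upload_dir: str = UPLOAD_DIR) -> Optional[str]:
    """Return a safe storage path, or None if the upload must be rejected.

    Checks, in order:
    1. no control characters / NUL bytes in the name (defeats truncation tricks);
    2. the LAST extension, lower-cased, is in the allowlist
       (so 'shell.gif.php' and 'Shell.PHP' are both refused);
    3. the file content starts with the magic bytes of the claimed type;
    4. the stored name is generated server-side, so even a polyglot
       'GIF89a<?php ...' body that passes step 3 is stored as *.gif and
       never as a PHP script.
    """
    if any(ord(c) < 0x20 for c in filename):
        return None
    ext = os.path.splitext(os.path.basename(filename))[1].lower().lstrip(".")
    magic = ALLOWED_MAGIC.get(ext)
    if magic is None or not data.startswith(magic):
        return None
    return os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")


def is_generated_image_name(path: str) -> bool:
    """True if the basename matches the server-generated <32 hex>.<ext> form."""
    return re.fullmatch(r"[0-9a-f]{32}\.(png|gif|jpe?g)",
                        os.path.basename(path)) is not None


if __name__ == "__main__":
    # Constructed payload: a GIF header followed by PHP, renamed to .php
    # the way step 3 above does it in Burp Suite.
    shell = b"GIF89a<?php system($_GET['c']); ?>"
    print("vulnerable stores:", vulnerable_target("shell.php"))
    print("hardened stores:  ", hardened_target("shell.php", shell))
    print("real gif stores:  ", hardened_target("photo.gif", b"GIF89a\x01\x00"))
```

Running the block shows the insecure path writing `uploads/shell.php`, while the hardened function refuses the renamed web shell and stores a genuine GIF under a random name. The rename step matters most: the magic-byte check alone is bypassed by a polyglot image, which is exactly what the "picture Trojan horse" in the report is.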