ajayrandhawa / Grocery-CMS-PHP-Restful-API

Grocery-CMS-PHP-Restful-API is an online grocery shop. The project is developed using PHP/MySQL/Slim Restful API. The project has a powerful backend CMS to manage a grocery shop online. It has features like add items, remove items, update price, manage orders, etc. The Restful API is ready to embed in an application using JSON data.

An arbitrary file upload vulnerability exists in /admin/add-category.php #5

Closed f1rstb100d closed 6 months ago

f1rstb100d commented 1 year ago

An arbitrary file upload vulnerability exists in /admin/add-category.php. A user can upload a webshell to execute commands.

POC: First we create a jpg image and write a php webshell.


Then, we add a category, and modify the extension with Burp Suite.


The uploaded file was saved in /admin/itemimg/ with the same name.

We can easily use it for RCE (remote code execution).


Solution: It is better to use a whitelist to check uploaded files.
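An allow-list check of the kind suggested above, as an added example that is not part of the issue or of the project's code. The function name, the 2 MB size limit and the set of allowed types are assumptions.

```php
<?php
// Added example: allow-list validation for an uploaded category image.
// Map of accepted content types to the extension the server will assign.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// $file is one entry of $_FILES; $destDir is the upload directory (assumed).
function store_category_image(array $file, string $destDir): string
{
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large.');
    }

    // Detect the type from the file content, never from the
    // client-supplied filename or Content-Type header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image.');
    }

    // The server chooses both the name and the extension, so an
    // extension edited in the request never reaches the filesystem.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name; // store this value in the database, not the client name
}
```

A valid image can still carry embedded PHP, so the server-assigned extension is what keeps it from being executed. The upload directory should also be configured so the web server does not run scripts from it.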

ajayrandhawa commented 6 months ago

Thanks, I will fix it soon. I know the code needs lots of validation and checks. This is the first code I wrote when I started PHP.