ajayrandhawa / Grocery-CMS-PHP-Restful-API

Grocery-CMS-PHP-Restful-API is an online grocery shop. The project is developed using PHP/MySQL/Slim Restful API. The project has a powerful backend CMS to manage a grocery shop online. It has features like add items, remove items, update price, manage orders, etc. The Restful API is ready to embed in an application using JSON data.

An arbitrary file upload vulnerability exists in /admin/add-items.php #6

Closed ouyangningdong closed 6 months ago

ouyangningdong commented 7 months ago

An arbitrary file upload vulnerability exists in /admin/add-items.php. A user can upload a webshell to execute commands.

POC: First we create a JPG image and write a PHP webshell.


Then we add a category and modify the extension with Burp Suite.


The uploaded file was saved in /admin/itemimg/ with the same name. We can easily use it for RCE (Remote Code Execution).


Solution: Better to use a whitelist to check uploaded files.
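
One way to apply the allowlist suggested above, as an added example that is not part of the issue or the project's code: the stored extension comes from an allowlist keyed on the detected content type, so a client-supplied name or `.php` extension is never used. The function names, the `image` field name, and the size limit are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Function names, the "image" field
// name and the 2 MiB limit are assumptions for illustration.
const ALLOWED_IMAGE_TYPES = [   // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_IMAGE_BYTES = 2 * 1024 * 1024;

// Choose the stored name from the file content only; the client's name is ignored.
function allowlisted_image_name(string $tmpPath): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_IMAGE_BYTES) {
        throw new RuntimeException('rejected: empty or oversized upload');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        throw new RuntimeException('rejected: content is not an allowed image type');
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Handle one $_FILES entry and return the server-generated file name.
function store_item_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected: not a completed HTTP upload');
    }
    $name = allowlisted_image_name($file['tmp_name']);
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}

// CLI demo on a constructed sample: a JPEG header followed by PHP text.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00<?php echo 1;");
    echo allowlisted_image_name($tmp), PHP_EOL;
    unlink($tmp);
}

// In the upload handler (assumed field name and directory):
//   $stored = store_item_image($_FILES['image'], __DIR__ . '/itemimg');
```

The content check does not strip PHP text embedded in a valid image; what prevents execution is that the file is stored under a server-assigned image extension. The web server should also be configured not to run PHP from the upload directory.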

ajayrandhawa commented 6 months ago

Thanks, this code is outdated, but I'll fix it when I get time.