bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51943.txt
Exploit-DB a44e138f78 DB: 2024-04-03 
28 changes to exploits/shellcodes/ghdb

Casdoor < v1.331.0 - '/api/set-password' CSRF

GL-iNet MT6000 4.5.5 - Arbitrary File Download

Axigen < 10.5.7 - Persistent Cross-Site Scripting

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

CE Phoenix v1.0.8.20 - Remote Code Execution
Daily Habit Tracker 1.0 - Broken Access Control
Daily Habit Tracker 1.0 - SQL Injection
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

Elementor Website Builder < 3.12.2 - Admin+ SQLi
Employee Management System 1.0 - _txtfullname_ and _txtphone_ SQL Injection
Employee Management System 1.0 - _txtusername_ and _txtpassword_ SQL Injection (Admin Login)
FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)
FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

Gibbon LMS v26.0.00 - SSTI vulnerability

Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

OpenCart Core 4.0.2.3 - 'search' SQLi

Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

Smart School 6.4.1 - SQL Injection

Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

ASUS Control Center Express 01.06.15 - Unquoted Service Path

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
2024-04-03 00:16:27 +00:00

18 lines
No EOL
1 KiB
Text
Raw Blame History

# Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
# Date: 02/04/2024
# Exploit Author: Sandeep Vishwakarma
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html
# Version: v1.0
# Tested on: Windows 10
# Description: File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the logo Photos parameter in the web_crud.php component.
# POC:
1. Here we go to : http://127.0.0.1/fuelflow/index.php
2. Now login with default username=mayuri.infospace@gmail.com and Password=admin
3. Now go to "http://127.0.0.1/fuelflow/admin/web.php"
4. Upload the san.php file in "Image" field
5. Phpinfo will be present in "http://localhost/fuelflow/assets/images/phpinfo.php" page
6. The content of san.php file is given below: <?php phpinfo();?>
# Reference:
https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29410.md
Reference in a new issue View git blame Copy permalink