Online Ordering System By janobe - Arbitrary File Upload Vulnerability

  • Exploit Author: zerrr0

Vendor Homepage

Description

  • An arbitrary file upload vulnerability in the select attachment function of Online Ordering System By janobe allows attackers to execute arbitrary code via a malicious PHP file.
  • Vulnerable file: /ordering/admin/products/controller.php?action=add

Proof of Concept (PoC):

  1. Go to: http://localhost/ordering/admin/
  2. Log in as admin using the test credentials: admin/admin
  3. Go to: http://localhost/ordering/admin/products/
  4. Register New Product -> Upload Attachment