Exploits / Vulnerability Discovered : 2023-07-03 |
Type : webapps |
Platform : php
This exploit / vulnerability Pos codekop v2.0 authenticated remote code execution (rce) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
# Date: 25-05-2023
# Exploit Author: yuyudhn
# Vendor Homepage: https://www.codekop.com/
# Software Link: https://github.com/fauzan1892/pos-kasir-php
# Version: 2.0
# Tested on: Linux
# CVE: CVE-2023-36348
# Vulnerability description: The application does not sanitize the filename
parameter when sending data to /fungsi/edit/edit.php?gambar=user. An
attacker can exploit this issue by uploading a PHP file and accessing it,
leading to Remote Code Execution.
# Reference: https://yuyudhn.github.io/pos-codekop-vulnerability/
# Proof of Concept:
1. Login to POS Codekop dashboard.
2. Go to profile settings.
3. Upload PHP script through Upload Profile Photo.