CVE-2020-5509 PoC — PHPGurukul Car Rental Project Code Issue Vulnerability

Associated Vulnerability
Title: PHPGurukul Car Rental Project Code Issue Vulnerability (CVE-2020-5509)
Description: PHPGurukul Car Rental Project is an application from PHPGurukul, a company in the United States, that provides car rental services. PHPGurukul Car Rental Project version 1.0 contains a code issue vulnerability. An attacker can exploit it to upload malicious files.
Description:
Car Rental Project v.1.0 Remote Code Execution
Readme
#### CVE-2020-5509 - Remote Code Execution proof-of-concept

Proof of concept exploit for CVE-2020-5509

RCE in the Car Rental Project v.1.0 web application via authenticated arbitrary file upload

```
# Exploit Title: Car Rental Project v.1.0 Remote Code Execution
# Google Dork: N/A
# Date: 1/3/2020
# Exploit Author: FULLSHADE
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/
# Version: 1.0
# Tested on: Windows
# CVE : CVE-2020-5509
```
#### Manual POC method

1. Visit carrental > admin login > changeimage1.php
2. Upload a php rce vulnerable payload
3. Visit /carrentalproject/carrental/admin/img/vehicleimages/<RCE>.php to visit your file
4. Execute commands on the server

#### Description

Car Rental Project v.1.0 is vulnerable to arbitrary file upload: an admin can change the image of a product, and the PHP code that handles the image change does not validate
or care what type of file is submitted. As a result an attacker with admin access can
upload malicious files to a web-served directory. This Python POC will execute arbitrary commands on the remote server.

![image of RCE](poc-rce.png)
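The root cause above is an image-change handler that writes whatever is uploaded, under the client-supplied filename, into a directory the web server executes PHP from. The following PHP is an added illustration and is not code from the Car Rental Project or from the PoC author; the function names, the `$destDir` argument and the size limit are assumptions. It places the weak pattern next to a hardened handler that only accepts files which pass an extension allow-list, a content-type check, and an image decode, and that stores them under a server-generated name.

```php
<?php
// Added example, not the project's own code. The handlers take an entry of
// $_FILES (e.g. $_FILES['image']) and a destination directory; both function
// names and $destDir are hypothetical.

// Weak form: trusts the client-supplied filename and performs no content
// checks, so a .php upload lands in a web-served directory and is executable.
function handleUploadWeak(array $file, string $destDir): string
{
    $target = $destDir . '/' . $file['name'];       // client controls the extension
    move_uploaded_file($file['tmp_name'], $target); // no type validation at all
    return $target;
}

// Hardened form: confirms the file came through PHP's upload mechanism,
// allow-lists extensions, checks the sniffed MIME type against the extension,
// requires a successful image decode, and never uses user input in the path.
function handleUploadHardened(array $file, string $destDir): string
{
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {            // assumed 2 MiB cap
        throw new RuntimeException('file too large');
    }

    // Extension allow-list on the client name: a cheap first filter, not trusted alone.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Content sniff via fileinfo; it must agree with the claimed extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('content type does not match extension');
    }

    // The bytes must actually decode as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-chosen name: random, with the validated extension only.
    $name   = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = $destDir . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0644);
    return $target;
}
```

Two caveats worth keeping in mind when reviewing a fix of this kind. First, content checks alone are not sufficient: a file that is a valid image and also contains PHP tags passes `finfo` and `getimagesize`, so the server-side rename to a validated image extension is what actually prevents execution. Second, defence in depth is to make the image directory non-executable regardless of filename, for example with mod_php's `php_admin_flag engine off` in a `<Directory>` block for that path, or an nginx `location` for the directory that never passes requests to FastCGI; then even a bypass of the upload validation yields a stored file rather than code execution. On the detection side, any `.php` (or double-extension) file appearing under an image directory such as the `vehicleimages` path named above is a high-signal indicator for this class of issue.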

#### Disclosure

```
>> Contacted company/author
>> No response
>> Requested CVE / public release
```
File Snapshot

```
[4.0K] /data/pocs/b8a0b9cb45c537104cf53346968d6e9c42623e61
├── [2.9K] CVE-2020-5509-rce-poc.py
├── [ 70K] poc-rce.png
└── [1.2K] README.md

0 directories, 3 files
```