CVE-2020-25515 PoC — Library Management System Code Issue Vulnerability

Source
Associated Vulnerability
Title: Library Management System Code Issue Vulnerability (CVE-2020-25515)
Description: Library Management System is a library management system. Sourcecodester Simple Library Management System version 1.0 contains a security vulnerability; the vulnerability originates from http://<site>/lms/index.php?page=books.
Description
Unrestricted File Upload in Simple Library Management System 1.0
Readme
# CVE-2020-25515
#Unrestricted File Upload in Simple Library Management System 1.0

#Vendor - https://www.sourcecodester.com

#Product - https://www.sourcecodester.com/php/14439/simple-library-management-system-project-using-phpmysql.html

#Vulnerability Type - Unrestricted File Upload

#Affected Component - Books > New Book, http://<site>/lms/index.php?page=books

#Attack Type - Local

#Impact Code execution - true

#Attack Vectors

1) Log in to the Dashboard, go to the Books tab and choose Add New Book.

2) In the upload field, upload "php-reverse-shell" (https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php) instead of books.

3) Listen in a Kali terminal on port 1234, and then try to edit this card.

4) Listen in a Kali terminal on port 1234.

5) If you didn't get a shell, right-click on the broken image and open it; we can see that our uploaded file is successfully executed and we get a connect-back shell.
File Snapshot

[4.0K] /data/pocs/c6674628ced0cb9b1bb9af721128196ea7364b5f
├── [ 961] README.md
└── [6.7M] simple-library-management-system.zip

0 directories, 2 files