
Library-Card-System V 1.0 | Add Picture/Signature - signup.php | Unrestricted File Upload | Found By Maloy Roy Orko

Hi All, 


CVE : N/A

I am Maloy Roy Orko.

Recently, in one of my pentest research sessions, I found a Library-Card-System application by Needyamin, which is an open source Image Gallery Management System using PHP, MYSQL, JAVASCRIPT.

It is based on the PHP scripting language. Library-Card-System is a Library Card System using PHP, MYSQL, JAVASCRIPT.

Curious to explore its functionalities, I downloaded and set it up in my local system. 

After fiddling with the source code, I found that it did not have any kind of file extension or upload protection in the signup.php file.

It can lead into:

  1. Malware Distribution
  2. Remote Code Execution (RCE)
  3. Data Breach
  4. Denial of Service (DoS)
  5. Web Shell Installation
  6. Bypassing Security Controls
  7. Reputation Damage

The main thing is, if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. That's why I am trying to inform everyone about this.

  • Title of the Vulnerability: Library-Card-System V 1.0 | Add Picture/Signature - signup.php | Unrestricted File Upload | Found By Maloy Roy Orko
  • Vulnerability Class: Unrestricted File Upload 
  • Product Name: Library-Card-System 
  • Vendor: https://github.com/needyamin/
  • Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
  • Technical Details & Description: The application source code is written in a way that allows Unrestricted File Upload. It can lead into:
  1. Malware Distribution
  2. Remote Code Execution (RCE)
  3. Data Breach
  4. Denial of Service (DoS)
  5. Web Shell Installation
  6. Bypassing Security Controls
  7. Reputation Damage
  • Product & Service Introduction: Library-Card-System
  • Observation & Exploitation: 
Let's look at the source code of the file signup.php:
  • It shows no protection against Unrestricted File Upload.
  • So, we don't even need any bypass 😉
  • So upload a shell and then deface the system 😏😎
  • For this, we need to upload the shell as the Signature/PP here:
http://192.168.0.100:8080/libb/signup.php 

> Upload Shell Instead of PP/Signature


  • So, let's upload shell.php there. When it is uploaded, just tap the signature or PP, view it in another tab, and you will get the shell.

  • You can see that there is no defense or filter against Unrestricted File Upload. The files are uploaded normally, and then we can access shell.php here:
  • 192.168.0.100:8080/libb/images/shell.php




  • So, we found an Unrestricted File Upload vulnerability, and the shell upload was done too 🤝 
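For comparison, here is what the missing check looks like. This is an added example, not code from Library-Card-System: a hardened handler for the picture/signature upload that signup.php performs. The form field name `signature`, the size cap, and the private storage directory are assumptions.

```php
<?php
// Added example (not Library-Card-System code): hardened picture/signature upload.
// Assumptions: form field "signature", 512 KiB cap, storage outside the web root.
declare(strict_types=1);

const MAX_BYTES     = 512 * 1024;
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg'];
// Outside the document root, so nothing stored here can be requested as a script
// the way images/shell.php can in the vulnerable version.
const UPLOAD_DIR    = __DIR__ . '/../uploads_private';

function store_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Never trust the client-supplied name or Content-Type: sniff the bytes.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('only PNG/JPEG images are accepted');
    }
    // Independent second check that the payload really parses as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-chosen name: no user-controlled extension, path or characters.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('storage unavailable');
    }
    // move_uploaded_file() refuses anything that was not a genuine PHP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not save file');
    }
    chmod($dest, 0640); // readable by the app, never executable
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['signature'])) {
    try {
        $stored = store_image($_FILES['signature']);
        echo 'stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Because the file is stored under a server-generated name outside the web root, it has to be served back through a script that sets the image Content-Type, which is the point: an uploaded file is never reachable as a URL the web server will execute.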

Video POC:

Conclusion :- 

The main aim of this article is to show that if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more potent.