Hi All,
I am Maloy Roy Orko.
Recently, during one of my pentest research sessions, I came across Ecommerce-Website-using-PHP, Bootstrap4, Html5, Css3 by SHAHID AFRIDI ZIHAD, an open source e-commerce application written in native PHP.
Curious to explore its functionality, I downloaded it and set it up on my local system.
After going through the source code, I found that it has no file extension or upload validation of any kind in the signup.php file.
This can lead to:
- Malware Distribution
- Remote Code Execution (RCE)
- Data Breach
- Denial of Service (DoS)
- Web Shell Installation
- Bypassing Security Controls
- Reputation Damage
The main point is this: if any non-IT person deploys this template, they inherit this vulnerability, and their company's reputation can be damaged too. That is why I am trying to inform everyone about it.
- Title of the Vulnerability: E-commerce V 1.0 | customer image - /customer_register.php | Remote Code Execution | Found By Maloy Roy Orko
- Vulnerability Class: Remote Code Execution Via Unrestricted File Upload
- Product Name: E-commerce
- Vendor: https://github.com/s-a-zhd/
- Vulnerable Product Link: https://github.com/s-a-zhd/Ecommerce-Website-using-PHP/
- CVE : N/A
- CWE: 434
- Technical Details & Description: The application stores the customer image uploaded at registration without validating its extension or content, so an attacker can upload a PHP file that the web server then executes (unrestricted file upload, CWE-434). This can lead to:
- Malware Distribution
- Remote Code Execution (RCE)
- Data Breach
- Denial of Service (DoS)
- Web Shell Installation
- Bypassing Security Controls
- Reputation Damage
- Product & Service Introduction: E-commerce
- Observation & Exploitation:
- The registration form accepts the uploaded file as-is: there is no check on the extension or content of the customer image, so no filter bypass is needed 😉
- So we can upload a web shell and then deface the system 😏😎
- To do this, we upload the shell as the profile picture (PP) on the registration form.
- Upload a shell named minis.php there; once the registration goes through, click the signature or profile picture, open it in another tab, and the shell is served from:
- Shell Location: http://192.168.0.100:8080/ecom/customer/customer_images/minis.php
- This confirms there is no defense or filter against unrestricted file upload: the file is stored under the web root with its original name and extension, and the uploaded minis.php executes when requested at:
- http://192.168.0.100:8080/ecom/customer/customer_images/minis.php
- So we have remote code execution via unrestricted file upload, and the shell upload is done too 🤝
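To make the root cause and the fix concrete, here is an added example (written for this write-up, not code from the Ecommerce-Website-using-PHP project): a customer-image upload handler in the shape described above, where the client-supplied filename is written straight under the web root, beside a hardened version. The form field name `customer_image`, the 2 MB limit and the `customer_images` directory path are assumptions.

```php
<?php
// Added example, not the project's code. Field name "customer_image",
// the size limit and the target directory are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/customer_images';

// VULNERABLE: trusts the client-supplied name and extension, so a file such
// as minis.php lands under the web root and runs on the next request to it.
function saveCustomerImageVulnerable(array $file): string
{
    $dest = UPLOAD_DIR . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// HARDENED: check the upload status and size, sniff the real content type,
// pick the extension from that type (never from the client), and store the
// file under a server-chosen random name.
function saveCustomerImageHardened(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }

    // Content sniffing: the MIME type from libmagic and getimagesize() must
    // both agree that this is a raster image of an allowed type.
    $finfo   = new finfo(FILEINFO_MIME_TYPE);
    $mime    = $finfo->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }

    // Server-chosen name: 32 hex characters plus the extension we derived,
    // so the attacker controls neither the name nor the extension on disk.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // never executable
    return $name;       // store this name in the database, not the original
}

if (isset($_FILES['customer_image'])) {
    try {
        $stored = saveCustomerImageHardened($_FILES['customer_image']);
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

One caveat a practitioner should keep in mind: a GIF or JPEG with PHP code appended to it passes both `finfo` and `getimagesize()`, which is exactly why the hardened version never lets the client choose the extension. As defense in depth, the upload directory should also have script execution disabled (on Apache, an `.htaccess` in `customer_images` with `php_flag engine off` and a `<FilesMatch "\.ph(p[0-9]?|tml|ar)$">` block that denies access), or better still live outside the web root and be served through a handler that only returns image content.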
Risks of RCE:
- Unauthorized Access: Attackers can gain control over systems and applications.
- Data Breaches: Sensitive data can be accessed, stolen, or manipulated.
- Malware Deployment: Attackers can install malicious software, including ransomware.
- System Compromise: Complete takeover of affected systems, leading to further exploitation.
- Network Propagation: RCE vulnerabilities can allow attackers to move laterally within a network.
- Denial of Service: Attackers can disrupt services, making systems unavailable to legitimate users.
- Financial Losses: Costs associated with recovery, remediation, and potential legal fees.
- Reputational Damage: Loss of customer trust and brand reputation due to security incidents.
- Regulatory Fines: Non-compliance with data protection regulations can lead to significant penalties.
- Data Loss: Permanent loss of critical data and intellectual property.
- Operational Disruption: Downtime and interruptions in business operations.
- Legal Consequences: Potential lawsuits from affected parties or customers.
Conclusion :-
The main aim of this article is to show that if any non-IT person uses this template, they will inherit this vulnerability, and their company's reputation can be lost too. But I also hope it gives you ideas of how combining attacks can make them much more potent.