CVE-2020-25515 PoC — Library Management System code issue vulnerability

Source
Associated Vulnerability
Title: Library Management System code issue vulnerability (CVE-2020-25515)
Description: Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books.
Description
Unrestricted File Upload in Simple Library Management System 1.0
Readme
# CVE-2020-25515
# Unrestricted File Upload in Simple Library Management System 1.0

#Vendor - https://www.sourcecodester.com

#Product - https://www.sourcecodester.com/php/14439/simple-library-management-system-project-using-phpmysql.html

#Vulnerability Type - Unrestricted File Upload

#Affected Component - Books > New Book, http://<site>/lms/index.php?page=books

#Attack Type - Remote (requires an authenticated dashboard session)

#Impact - Code execution: true

#Attack Vectors 

1) Log in to the dashboard, open the Books tab and choose Add New Book.

2) In the upload field, upload pentestmonkey's php-reverse-shell (https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php) instead of a book file. Set the script's $ip and $port to your listener before uploading; the application accepts the file without checking its type.

3) Start a listener on port 1234 in a Kali terminal (for example `nc -lvnp 1234`), then edit the new book entry.

4) If no shell arrives, right-click the broken image on the book entry and open it directly. Requesting the stored file makes the server execute the uploaded PHP, and the connect-back shell appears on the listener.
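The validation that would have stopped this upload, as an added example that is not code from Simple Library Management System or from the PoC author. It is written in Python rather than the application's PHP so it runs stand-alone; the allowed types (cover images and PDFs), the 5 MiB limit, and the sample file contents are all assumptions constructed for the example.

```python
import os
import re
import secrets

# Assumption: a book upload is a cover image or a PDF. Map each allowed final
# extension to the magic bytes its content must start with.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed upper bound for a cover or PDF

# PHP open tags: "<?php", the "<?=" echo tag, the bare short tag "<?", and the
# legacy "<script language=php>" form. The whole body is scanned on purpose:
# a file that is a valid PNG up front and PHP at the end passes the magic
# check alone, and this is what catches it. The bare "<?" can fire on random
# binary data, so a rejection here should tell the user to re-encode the file.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php|=)?|<script[^>]*language\s*=\s*['\"]?php", re.IGNORECASE)


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def validate_upload(original_name: str, data: bytes) -> str:
    """Validate an uploaded file and return the server-chosen name to store it under.

    Order of checks:
      1. size bound
      2. the last extension of the client-supplied name is on the allowlist
         (shell.php.png passes this step, so it is never the only check)
      3. the content starts with the magic bytes of that type
      4. no PHP open tag anywhere in the content
    The stored name is random and carries only the allowlisted extension, so
    nothing the client chose (path separators, a ".php" segment) reaches disk.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    base = os.path.basename(original_name.replace("\\", "/"))
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_MAGIC:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    if not data.startswith(ALLOWED_MAGIC[ext]):
        raise UploadRejected(f"content is not a {ext} file")
    if PHP_OPEN_TAG.search(data):
        raise UploadRejected("content contains a PHP open tag")
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(original_name: str, data: bytes) -> bool:
    """True if validate_upload would store the file, False if it rejects it."""
    try:
        validate_upload(original_name, data)
        return True
    except UploadRejected:
        return False


# Constructed sample uploads (not files from the page or the PoC archive).
PNG_COVER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
REVERSE_SHELL = b"<?php\n$ip = '10.0.0.1';\n$port = 1234;\n// connect-back stub\n?>\n"
POLYGLOT_PNG = PNG_COVER + b"<?php system($_GET['c']); ?>"


def run_samples() -> dict:
    """Run the constructed samples through the validator; returns label -> accepted."""
    return {
        "cover.png / real PNG": is_accepted("cover.png", PNG_COVER),
        "php-reverse-shell.php / PHP": is_accepted("php-reverse-shell.php", REVERSE_SHELL),
        "shell.php.png / PHP": is_accepted("shell.php.png", REVERSE_SHELL),
        "cover.png / PNG+PHP polyglot": is_accepted("cover.png", POLYGLOT_PNG),
    }


if __name__ == "__main__":
    for label, ok in run_samples().items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {label}")
```

Each check closes a different bypass: the allowlist stops a plain `.php` name, the magic bytes stop a PHP file renamed to `.png`, the body scan stops a polyglot, and the random server-chosen name means the attacker never controls where or under what extension the file lands. Independently of the validation, the upload directory should be served with PHP execution disabled (for Apache, `php_flag engine off` in that directory's `.htaccess`, or removing the PHP handler for that path), so a file that does slip through is returned as data instead of run; that missing layer is what lets opening the broken image execute the uploaded shell.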
File Snapshot

[4.0K] /data/pocs/c6674628ced0cb9b1bb9af721128196ea7364b5f
├── [ 961] README.md
└── [6.7M] simple-library-management-system.zip

0 directories, 2 files