Revenue Collection System 1.0 SQL Injection / Remote Code Execution

Posted by deepcore on November 17, 2022 – 2:01 pm

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass Backdoor.Win32.Quux MVID-2022-0656 Hardcoded Credential »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Revenue Collection System 1.0 SQL Injection / Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL