CVE-2019–20183 Employee Records System — Bypass File Upload to RCE
This is a simple project created with PHP, MYSQL and jQuery that stores employee’s personal information including their Image and any other national identity card. You can add other users to also help manage the system and assign them user roles.
👨🏼💻Discovered by Pablo Santiago.
📝Published 06/01/2020.
💉CVE-2019–20183
📄Vulnerable version = 1.0
Attack Vector / Criticality — High
Its possible modify the javascript file "global.js" to bypass the restriction which just allow upload files with extensions "jpg","png" and "jpeg".STEPS
- Create or edit an employee.
- Intercept with burp the response.
- When the app loads the file “global.js” intercept the response.
- Add the extension “.php” in the javascript.
- Upload the file.
PoC
