Revenue Collection System 1.0 SQL Injection / Remote Code Execution

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.Exploit Files ≈ Packet Storm  

 

More To Explore

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 – OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of

Do You Want To Secure Your Business?

drop us a line and keep in touch

Cyber Security Automation
Generated by Feedzy