Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

MobileCartly Arbitrary File Creation Vulnerability Allowing Remote Code Execution

Vulnerability

MobileCartly version 1.0 performs no authentication or authorization checks in its savepage.php script. An unauthenticated attacker can send crafted HTTP GET requests that include a filename and content, and the script passes both to file_put_contents(), which writes the supplied content to the named file. This allows arbitrary file creation in the pages/ directory or any other writable location on the server, and can lead to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file creation, which can be leveraged to execute malicious code on the server.

Reproduction

To reproduce this vulnerability, send a GET request to savepage.php with the 'savepage' parameter set to the desired filename and the 'pagecontent' parameter containing the code to be executed. For example, uploading a PHP file with a payload that executes a command can demonstrate the vulnerability.
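
For defenders, the request shape described above is easy to find in web server access logs. The following is an added example, not part of the original advisory or of MobileCartly: it scans combined-format log lines for requests to savepage.php that carry both the 'savepage' and 'pagecontent' parameters and notes why each hit matters. The log lines, the /shop/includes/ path, the addresses and the reason labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); paths and addresses are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Aug/2025:19:50:01 +0000] "GET /shop/index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Aug/2025:19:51:13 +0000] "GET /shop/includes/savepage.php?savepage=about.html&pagecontent=hello HTTP/1.1" 200 0 "-" "curl/8.0"
198.51.100.7 - - [08/Aug/2025:19:51:20 +0000] "GET /shop/includes/savepage.php?savepage=x.php&pagecontent=%3C%3Fphp+echo+1%3B HTTP/1.1" 200 0 "-" "curl/8.0"
203.0.113.5 - - [08/Aug/2025:19:52:02 +0000] "GET /shop/includes/savepage.php?savepage=..%2F..%2Fnote.txt&pagecontent=hi HTTP/1.1" 200 0 "-" "curl/8.0"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
SCRIPT_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

def classify(line):
    """Return a finding for a request that hits savepage.php with both write parameters, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, when, method, target, status = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/savepage.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes the values
    if "savepage" not in params or "pagecontent" not in params:
        return None
    name, content = params["savepage"][0], params["pagecontent"][0]
    reasons = ["savepage-write"]  # per the advisory, any such request creates a file
    if SCRIPT_EXT_RE.search(name):
        reasons.append("script-extension")  # file name the server may execute
    if ".." in name or name.startswith(("/", "\\")):
        reasons.append("path-escape")  # target outside the pages/ directory
    if "<?" in content:
        reasons.append("php-open-tag")  # content looks like PHP source
    return {"client": client, "time": when, "method": method,
            "status": int(status), "file": name, "reasons": reasons}

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the script has no authentication check, every hit is worth reviewing, not only those with extra reason labels. The query string is only visible when the server logs the full request target.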

Added: Aug 8, 2025, 7:42 PM
Updated: Aug 8, 2025, 9:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 0.3
threat: 9.3
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.