Campcodes Online Job Finder System Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Campcodes Online Job Finder System version 1.0. The issue resides in the '/eris/applicationform.php' file, where the 'picture' parameter can be manipulated to upload malicious files because the upload is not subjected to proper security checks. The vulnerability can be exploited remotely, allowing attackers to upload files such as web shells, which could then be used to execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows remote attackers to upload malicious files that can be executed on the server, leading to unauthorized code execution. This poses a significant risk as it can be used to compromise the entire system.

Reproduction

To reproduce this vulnerability, send a POST request to '/eris/process.php' with the 'action' parameter set to 'submitapplication' and the 'JOBID' parameter set to '2'. Include the 'picture' parameter in the form-data, attaching a file named 'shell.php' that contains a web shell payload. The request can be made using a tool like Burp Suite or Postman.

Remediation

It is recommended to implement server-side validation of uploaded files, accepting only an allow-list of file types and extensions. Additionally, uploaded files should be renamed so that nothing from the original filename or metadata is preserved, stored outside the web root, and served only through secure proxy scripts that control access.
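One way to apply the remediation above for the 'picture' upload, written here as an added example rather than code from the Campcodes project; the storage path, size limit and the two accepted image types are assumptions for illustration:

```php
<?php
// Hardened handling of the 'picture' upload (added example, not the project's own code).
// Assumption: UPLOAD_DIR is outside the web root and is never served directly.
const UPLOAD_DIR = '/var/app-data/job-finder/pictures';
const MAX_BYTES  = 2 * 1024 * 1024;
// Allow-list keyed by the MIME type detected from file content; the stored
// extension is derived from this map, never from the client-supplied filename.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_picture(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload rejected');
    }
    // Type check is done on the bytes, not on $file['name'] or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('only JPEG or PNG images are accepted');
    }
    // A random server-chosen name discards the original filename entirely.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable by the app, never executable
    return $name;         // persist this token with the application record
}

// Proxy script: the only path by which a stored picture reaches a browser.
function serve_picture(string $token): void
{
    // Accept only names this code generated: 32 hex chars plus an allowed extension.
    if (!preg_match('/\A[0-9a-f]{32}\.(jpg|png)\z/', $token)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $token;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $mime = array_search(pathinfo($token, PATHINFO_EXTENSION), ALLOWED, true);
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $token . '"');
    readfile($path);
}
```

In the application form handler this replaces the direct save of `$_FILES['picture']` with `store_picture($_FILES['picture'])`, and the image is later displayed via `serve_picture($token)` instead of a link into the upload directory.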

Added: Sep 15, 2025, 2:25 PM
Updated: Sep 15, 2025, 8:28 PM

Vulnerability Rating (custom algorithm)

spread          1.0
impact         10.0
exploitability  9.7
remediation     0.0
relevance       0.5
threat          6.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.