Code-Projects Online Hotel Reservation System Unrestricted File Upload Vulnerability
Vulnerability
A file upload vulnerability has been identified in Code-Projects Online Hotel Reservation System version 1.0. The issue resides in the file '/admin/editpicexec.php', where an unknown function fails to properly validate the 'image' argument. This oversight allows for unrestricted file uploads, enabling the potential execution of malicious scripts on the server. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for unauthorized file uploads, which could be used to execute malicious scripts on the server, potentially leading to a full compromise of the server's security.
Reproduction
To reproduce this vulnerability, send a POST request to '/admin/editpicexec.php' with the 'image' parameter. The request must include a file named 'shell.php' disguised as a PNG image. This can be done using a tool like Burp Suite or by manually crafting the request in a programming language that supports HTTP requests, such as Python or JavaScript.
Remediation
It is recommended to implement strict file type and extension checks, store uploaded files in a location separate from the web root, rename files upon upload to prevent execution of malicious scripts, and regularly audit the code for security vulnerabilities.
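The remediation steps above, sketched as an added PHP example; it is not the project's code and not a vendor patch. The field name 'image' comes from the advisory, while the storage path, size limit, allowed types and the function name store_uploaded_image are assumptions. It also assumes PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example (not the project's code): validate, rename and store an upload
// from the 'image' field. UPLOAD_DIR is an assumed directory outside the web root.
const UPLOAD_DIR = '/var/app-data/room-images';
const MAX_BYTES  = 2 * 1024 * 1024;
// Extension is chosen by the server from the detected type; the client name is never used.
const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

function store_uploaded_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Detect the type from the file content; $file['type'] and $file['name'] are client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('type not allowed');
    }
    // The content must also parse as an image, not just carry an image signature.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Random server-side name; move_uploaded_file() refuses paths that are not HTTP uploads.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (isset($_FILES['image'])) {
    try {
        $stored = store_uploaded_image($_FILES['image']);
        // Persist $stored with the room record and serve it through a read-only handler.
    } catch (RuntimeException $e) {
        http_response_code(400);
    }
}
```

Because the stored name never carries a client-supplied extension and the directory is outside the web root, a file such as the 'shell.php' from the reproduction step is rejected at the type check and could not be requested as a script even if it were stored.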
