SourceCodester Web-Based Pharmacy Product Management System File Upload Vulnerability

A file upload vulnerability has been identified in SourceCodester Web-Based Pharmacy Product Management System version 1.0. The issue arises because the application only validates the Content-Type header during file uploads. This flaw allows an attacker to upload a PHP file, disguised as an image, by altering the Content-Type header to 'image/jpg'. Once uploaded, the PHP file can be executed on the server, leading to unauthorized command execution.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to upload and execute malicious PHP scripts on the server.

Reproduction

To reproduce this vulnerability, first create a one-liner web shell and save it as 'zxc.php'. Upload this file through the 'add-product.php' page by modifying the request to change the Content-Type header to 'image/jpg'. After uploading, the web shell can be accessed and executed, demonstrating successful exploitation.