PHPGurukul Car Rental Project Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in PHPGurukul Car Rental Project version 1.0. The flaw is in '/admin/post-avehical.php': the vehicle image fields are saved without any validation of the file extension (or of the file content), so an attacker can upload arbitrary files, including PHP web shells, into a directory the web server will execute scripts from. The vulnerability is exploitable remotely, but it requires an authenticated session to the admin backend.

Impact

Exploitation of this vulnerability lets an authenticated attacker upload a file that the web server then executes as PHP. That yields remote code execution in the context of the web server account, which in turn allows full compromise of the web application and access to sensitive data on the server.

Reproduction

To reproduce this vulnerability, log into the backend of the application and navigate to the '/admin/post-avehical.php' page. Submit the form with a file attached to any of the 'img1', 'img2', 'img3', 'img4', or 'img5' fields; the file type is not restricted, so a '.php' file is accepted as readily as an image. After the upload, the file is stored under the web root in '/admin/img/vehicleimages/', where requesting it causes the server to execute it as a PHP script.

Remediation

Administrators and maintainers are advised to implement strict file type validation: uploaded files should be checked against a whitelist of acceptable extensions, and their actual content (not the client-supplied Content-Type header, which the attacker controls) should be verified to be an image of the expected MIME type. Files should be stored outside the web root, renamed to a server-generated name rather than the name supplied by the client, and given restrictive permissions with no execute bit. If the images must remain under the web root for the existing '/admin/img/vehicleimages/' URLs to keep working, script execution should be disabled for that directory in the web server configuration. Regular security audits and code reviews are also recommended to identify and address potential vulnerabilities.
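The following is an added example of a hardened upload handler implementing the controls above, written for this advisory; it is not code from the PHPGurukul project. The field names img1 to img5 come from the advisory; the storage directory, the size limit, the function name and the error handling are assumptions.

```php
<?php
// Added example: a hardened replacement for an image-upload handler of the kind
// described for /admin/post-avehical.php. Illustrative code, not the project's
// own. The field names img1..img5 come from the advisory; UPLOAD_DIR, MAX_BYTES
// and the function name storeVehicleImage() are assumptions.

declare(strict_types=1);

// Storage directory OUTSIDE the web root (assumed path). Files here are never
// served directly, so even a mis-validated file cannot be executed by the
// web server; a separate read-only script streams them back as images.
const UPLOAD_DIR = '/var/lib/carrental/vehicleimages';
const MAX_BYTES  = 2 * 1024 * 1024;   // 2 MiB per image (assumed limit)

// Allow-list: extension => MIME type the file CONTENT must actually match.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validates one entry of $_FILES and stores it under a random name.
 * Returns the stored file name; throws RuntimeException on any failure.
 */
function storeVehicleImage(array $file): string
{
    // 1. Reject anything PHP itself flagged (partial upload, ini size limit, ...).
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . ($file['error'] ?? 'unknown'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a genuine uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 2. Extension allow-list. The client-supplied name is used ONLY for this
    //    check and is never reused on disk, so "shell.php" and "x.php.jpg"
    //    style names cannot influence the stored path.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException("extension '$ext' not allowed");
    }

    // 3. Content check: sniff the bytes on disk, not $file['type'], which is
    //    the attacker-controlled Content-Type header from the request.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type '$mime' does not match extension '$ext'");
    }
    // getimagesize() parses the image header and fails on non-image data.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file is not a parseable image');
    }

    // 4. Server-chosen random name with the validated extension.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . DIRECTORY_SEPARATOR . $stored;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }

    // 5. Readable by the web server user and its group only, no execute bit.
    chmod($dest, 0640);

    return $stored;
}

// Handle the five image fields named in the advisory; empty fields are optional.
$stored = [];
foreach (['img1', 'img2', 'img3', 'img4', 'img5'] as $field) {
    if (empty($_FILES[$field]['name'])) {
        continue;
    }
    try {
        $stored[$field] = storeVehicleImage($_FILES[$field]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected for ' . $field . ': ' . htmlspecialchars($e->getMessage()));
    }
}
// $stored now maps each field to a random file name that is safe to persist.
```

Because the files no longer live under '/admin/img/vehicleimages/', the pages that display vehicle images need a small read-only script that looks up the stored name, sets the image Content-Type and outputs the bytes. If that change is not feasible and the files must stay under the web root, the directory should additionally have PHP execution disabled at the web server level (for example `php_admin_flag engine off` or `RemoveHandler .php` in an Apache context), since the content checks above reduce but do not eliminate the risk of a polyglot file that is both a valid image and valid PHP.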

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          1.0
impact          7.5
exploitability  6.8
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.