SourceCodester Simple Company Website Unrestricted File Upload Vulnerability

Vulnerability

A critical arbitrary file upload vulnerability has been identified in SourceCodester Simple Company Website version 1.0. The issue resides in the endpoint '/classes/Content.php?f=service', where the 'img' parameter of the upload request is not validated, so files of any type are accepted. This vulnerability can be exploited remotely by authenticated users with a valid PHPSESSID. The lack of proper input validation enables attackers to upload malicious PHP scripts disguised as image files. Once uploaded, these scripts can be executed by requesting them through a web browser, potentially leading to a complete server compromise.

Impact

Exploitation of this vulnerability allows authenticated users to upload and execute arbitrary PHP code on the server. This could result in remote code execution, full system compromise, data leakage, unauthorized data modification, and disruption of service availability.

Reproduction

To reproduce this vulnerability, authenticate to the application to obtain a valid PHPSESSID. Then, send a POST request to '/classes/Content.php?f=service' with the 'img' parameter containing a malicious PHP script disguised as an image file. After the upload, the malicious file can be accessed and executed from the '/uploads/' directory.

Remediation

It is recommended to implement strict validation of uploaded files, ensuring that only expected image formats are accepted. Additionally, configure the web server to prevent execution of scripts in the upload directory, rename and relocate uploaded files to a secure location outside the web root, and apply Content Security Policies to mitigate the risks of serving malicious files.
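The following handler shows what the recommended controls look like in code. It is an added example written for this advisory, not code from SourceCodester Simple Company Website; it assumes the file arrives as $_FILES['img'] and that $storageDir (a hypothetical path) lies outside the web root and is not served by the web server.

```php
<?php
// Added example, not the application's own code. Hardened replacement for an
// unrestricted 'img' upload: type decided from file bytes, image re-encoded,
// server-chosen random name, stored outside the web root.

const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024;

function storeUploadedImage(array $file, string $storageDir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Decide the type from the content, never from the client's filename or MIME type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('Unsupported file type');
    }
    // Re-encode through GD: a "PHP script disguised as an image" is not a
    // decodable image, and metadata (EXIF, comments) is dropped on re-encode.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Not a decodable image');
    }
    // Random server-chosen name; the client-supplied filename is discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = rtrim($storageDir, '/') . '/' . $name;
    $ok = match (ALLOWED[$mime]) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    return $name; // record in the DB; serve through a read-only handler, not '/uploads/'
}

// Usage (hypothetical storage path):
// $saved = storeUploadedImage($_FILES['img'], '/var/app-data/images');
```

Re-encoding is defence in depth, not the primary control: the storage directory must still be one where the web server never executes scripts, since a file that survives re-encoding could otherwise be executed if it were served from a PHP-enabled path.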

Added: Jun 29, 2025, 8:27 PM
Updated: Jun 29, 2025, 8:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.