Campcodes Advanced Online Voting System Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Campcodes Advanced Online Voting System version 1.0. The issue resides in the '/admin/candidates_add.php' file, where the 'photo' argument can be manipulated to bypass file type and content validation. This vulnerability can be exploited remotely, and public exploits are available.

Impact

Exploitation of this vulnerability allows attackers to upload malicious PHP scripts, such as web shells, which can be used to gain full control over the affected system. Once the web shell is uploaded, attackers can execute system commands, browse the file system, and steal sensitive data.

Reproduction

To reproduce this vulnerability, authenticate to the application and navigate to the '/admin/candidates_add.php' page. Upload a file through the 'photo' parameter, ensuring it is a PHP script disguised as an image. After the file is uploaded, use an AntSword client to connect to the web shell and execute commands on the server.

Remediation

It is recommended to implement strict file upload validation: whitelist the allowed file types by server-chosen extension, verify the MIME type from the file's bytes rather than from the client-supplied name or Content-Type, and check the content signature (for a photo, that the file actually decodes as an image). Additionally, uploaded files should be stored outside the web root, under a server-generated name, with execute permissions disabled.
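The controls above, as an added example (not Campcodes' code) of a hardened handler for the 'photo' field; the upload directory, size cap and the read-only serving path are assumptions:

```php
<?php
// Added example, not part of the Campcodes code base. Assumes a writable
// directory outside the document root (placeholder /var/app/uploads) and that
// photos are served back through a separate read-only script, never by URL.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads';                 // outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;                    // assumed 2 MiB cap
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // whitelist

function store_candidate_photo(array $file): string
{
    // Only accept a genuine upload that completed without error.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or was not a real upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Never trust $file['name'] or $file['type']; sniff the bytes instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed content type: ' . $mime);
    }
    // Content signature check: the file must decode as the claimed image type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        throw new RuntimeException('content does not match image type');
    }
    // Server-chosen random name with a single whitelisted extension, so the
    // client's file name (and any extension tricks in it) is never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable by the app, no execute bit
    return $name;         // store this name in the candidate record
}

// Call site in candidates_add.php would look like:
// try { $photo = store_candidate_photo($_FILES['photo']); }
// catch (RuntimeException $e) { http_response_code(400); exit('invalid photo'); }
```

Re-encoding the accepted image through GD (imagecreatefromjpeg/imagejpeg) before storing it is a further hardening step that strips any non-image data appended to an otherwise valid file.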

Added: Jul 8, 2025, 12:22 AM
Updated: Jul 8, 2025, 12:22 AM

Vulnerability Rating (custom algorithm)

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.