Code-Projects Simple Car Rental System Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Simple Car Rental System version 1.0. The issue resides in the file '/admin/add_cars.php', where the 'image' argument can be manipulated to bypass file type and content validations. This vulnerability requires authentication to exploit and can be used to upload malicious PHP scripts, such as web shells, which could then be executed to gain control over the server.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to upload malicious scripts that are executed on the server. This could lead to full system compromise, allowing the attacker to execute commands, access sensitive data, and potentially move laterally within a network.

Reproduction

To reproduce this vulnerability, authenticate to the application and navigate to the '/admin/add_cars.php' page. Once there, upload a file through the 'image' parameter. The uploaded file can be a PHP script disguised as an image, which the server will accept due to the lack of proper validation. After the file is uploaded, it can be accessed via the web server, and if it contains a web shell, commands can be executed on the server.

Remediation

It is recommended to implement proper file upload validations, such as whitelisting allowed file types and inspecting file contents to ensure they match expected formats. Additionally, uploaded files should be stored in non-web-accessible directories and with execution permissions disabled. Monitoring for anomalous upload patterns can also help detect and prevent exploitation.