itsourcecode Online Tour and Travel Management System
cpe:2.3:a:online_tours_and_travels_management_system_project:online_tours_and_travels_management_system:*:*:*:*:*:*:*
- 1.0
A critical vulnerability allowing unrestricted file uploads has been identified in the itsourcecode Online Tour and Travel Management System version 1.0. This issue resides in the file /admin/operations/travellers.php, where the photo parameter can be manipulated to bypass file type and content restrictions. The vulnerability can be exploited remotely, and public exploits are available.
Exploitation of this vulnerability allows attackers to upload malicious PHP scripts, such as web shells, which can be used to gain full control over the affected system. This includes executing system commands, navigating the file system, and accessing sensitive data.
To reproduce this vulnerability, send a POST request to /admin/operations/travellers.php with the photo parameter containing a PHP file disguised as an image. The uploaded file will be stored in a web-accessible directory, where it can be executed as a script.
Users are advised to implement stricter file upload validation, such as allowlisting permitted file extensions and verifying the MIME type from file content rather than from the client-supplied header. Additionally, uploaded files should be stored outside the web root with execution permissions disabled.
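The following is an added example (not code from itsourcecode or the affected project) of a hardened upload handler in the style of a PHP application like this one. The storage directory, the function name and the use of `$_FILES['photo']` are assumptions for illustration; it combines an extension allowlist, content-based MIME detection, image decoding, a server-generated filename and storage outside the web root.

```php
<?php
declare(strict_types=1);

// Assumed: a directory outside the document root (e.g. not under /var/www/html).
const UPLOAD_DIR = '/var/app/uploads';
const MAX_BYTES  = 2 * 1024 * 1024;

// Allowlist: extension => MIME type that must be detected from the file content.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate and store an uploaded traveller photo (hypothetical helper).
 * Returns the server-generated filename, or throws on any validation failure.
 */
function storeTravellerPhoto(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // 1. Extension allowlist; the client name is used only for this check, never for storage.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('File type not allowed');
    }
    // 2. MIME type from content; $file['type'] is attacker-controlled and is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // 3. Must decode as an image. A valid image with script appended can still pass,
    //    which is why steps 4 and 5 do not rely on content checks alone.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // 4. Random server-generated name: the uploader controls neither name nor extension.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // 5. Store outside the web root, non-executable; serve later via a read-only
    //    handler that sets a fixed image Content-Type, never by direct URL.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640);
    return basename($dest);
}
```

A call such as `storeTravellerPhoto($_FILES['photo'])` inside the admin handler replaces a direct `move_uploaded_file` into a web-served directory.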