SourceCodester Human Resource Information System Unrestricted File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A critical unrestricted file upload vulnerability has been identified in SourceCodester Human Resource Information System version 1.0. The issue resides in the file '/Admin_Dashboard/process/editemployee_process.php', where the 'employee_file201' parameter is manipulated to bypass file upload restrictions. This vulnerability allows unauthenticated attackers to upload malicious files, such as PHP scripts, which can be executed on the server, leading to unauthorized access and potential data theft.

Impact

Exploitation of this vulnerability allows unrestricted file uploads, including malicious executable files. Once such a file is uploaded and executed on the server, it can cause serious security breaches such as unauthorized server access and data theft; in this case the outcome is remote code execution on the server.

Reproduction

The vulnerability can be reproduced by uploading a file through the 'employee_file201' parameter of 'editemployee_process.php', manipulating the file upload request so that the application's file validation checks are bypassed. After the file is uploaded, its execution can be tested by accessing it through the web server and passing a command via a URL parameter; the command output is returned in the response if exploitation succeeded.

Remediation

It is recommended to implement strict file validation, including checking file types against a whitelist, verifying file contents, and sanitizing MIME types. Additionally, uploaded files should be stored outside the web root, or in directories where script execution is disabled.
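The following hardened upload handler is an added example, not code from the SourceCodester project: it applies the measures listed above (extension whitelist, content-based MIME check, server-chosen filename, storage outside the web root). The storage path, size limit, allowlist and the field name are assumptions for illustration.

```php
<?php
// Added example (not the project's own code): hardened handling of an upload
// field such as 'employee_file201'. Paths and allowlist are assumptions.
declare(strict_types=1);

// Assumed: a directory outside the web root, writable by the PHP process only.
const UPLOAD_DIR = '/var/app_data/employee_files';
const MAX_BYTES  = 5 * 1024 * 1024;

// Allowlist maps permitted extension -> MIME type expected from the file bytes.
const ALLOWED = [
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

function storeEmployeeFile(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The client-supplied name is used only to look up the allowlist;
    // it never becomes part of the stored path.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // MIME type is derived from the file contents, not from $file['type'],
    // which the client controls.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Random, server-chosen filename: no user input reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // not executable, not world-readable
    return $stored;     // persist this name in the employee record
}

// Usage in the edit-employee handler (hypothetical):
// $name = storeEmployeeFile($_FILES['employee_file201']);
```

Because the directory is outside the web root, files are never reachable by URL; serve them through an authenticated download endpoint that reads the file and sets an explicit Content-Type and Content-Disposition header.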

Added: Aug 26, 2025, 6:19 AM
Updated: Aug 26, 2025, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.