Detronetdip E-commerce Remote Code Execution Vulnerability

Vulnerability

A critical remote code execution vulnerability has been identified in Detronetdip E-commerce version 1.0.0. The issue arises from an unrestricted file upload feature in the seller profile section, specifically within the file '/seller/assets/backend/profile/addadhar.php'. The vulnerability allows attackers to upload malicious PHP files by manipulating the 'File' argument, bypassing client-side MIME type checks. Once uploaded, the malicious file can be executed on the server, leading to a full system compromise.

Impact

Exploitation of this vulnerability allows for remote code execution on the server. Uploaded PHP files are executed by the web server, granting attackers control over the server environment. This access can be used to execute system commands, manipulate files, and potentially compromise sensitive data or application integrity.

Reproduction

To reproduce this vulnerability, upload a file named 'shell.php' containing a PHP web shell payload through the 'addadhar.php' upload endpoint, setting the 'Content-Type' header to 'image/jpeg' to bypass the application's MIME type validation. After the file is uploaded, access it via the '/media/seller_profile/' directory to execute the payload.

Remediation

Implement secure file upload practices by validating file types on the server side, using a whitelist of allowed extensions, and preventing the execution of uploaded scripts. Additionally, add authentication checks to the backend scripts to ensure that only authorized users can perform sensitive actions.
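The following is an added example of what the remediation above looks like in code; it is not Detronetdip's code and not a patch for addadhar.php. It assumes PHP 8, a session variable named 'seller_id' that marks an authenticated seller, a form field named 'File', and a storage directory outside the web root; all of these names and paths are placeholders. The handler ignores the client-supplied Content-Type entirely, sniffs the uploaded bytes server-side, derives the extension from a whitelist rather than from the original filename, and stores the file under a random name where the web server will not execute it.

```php
<?php
// Added example (not the project's code): hardened upload handler.
// Assumed names: $_SESSION['seller_id'], form field 'File', STORAGE_DIR.
declare(strict_types=1);

session_start();

// Storage location outside the document root (assumed path), so that even a
// file that somehow kept a script extension is never served or executed.
const STORAGE_DIR = '/var/www/private_uploads/seller_profile';
const MAX_BYTES   = 2 * 1024 * 1024;

// Whitelist keyed by the type detected from the file contents, mapping to the
// only extension the stored file may receive.
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

function deny(int $status, string $message): never
{
    http_response_code($status);
    exit($message);
}

// 1. Authentication: the backend script refuses anonymous requests.
if (empty($_SESSION['seller_id'])) {
    deny(403, 'Authentication required');
}

// 2. Request sanity: POST with a real uploaded file of bounded size.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['File'])) {
    deny(400, 'Bad request');
}
$upload = $_FILES['File'];
if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
    deny(400, 'Upload failed');
}
if ($upload['size'] > MAX_BYTES) {
    deny(413, 'File too large');
}

// 3. Server-side type detection. $upload['type'] is the client's claim and is
//    deliberately never consulted; finfo inspects the actual bytes.
$finfo    = new finfo(FILEINFO_MIME_TYPE);
$detected = $finfo->file($upload['tmp_name']);
if ($detected === false || !isset(ALLOWED_TYPES[$detected])) {
    deny(415, 'Unsupported file type');
}

// 4. Images must additionally parse as images.
if (str_starts_with($detected, 'image/') && @getimagesize($upload['tmp_name']) === false) {
    deny(415, 'Invalid image');
}

// 5. Extension comes from the whitelist, never from the original filename, so a
//    name like 'shell.php' has no influence on what is written to disk.
$extension = ALLOWED_TYPES[$detected];
$newName   = bin2hex(random_bytes(16)) . '.' . $extension;

if (!is_dir(STORAGE_DIR) && !mkdir(STORAGE_DIR, 0750, true)) {
    deny(500, 'Storage unavailable');
}
$destination = STORAGE_DIR . '/' . $newName;
if (!move_uploaded_file($upload['tmp_name'], $destination)) {
    deny(500, 'Could not save file');
}
chmod($destination, 0640); // readable by the application user only, never executable

// 6. Associate the stored name with the authenticated seller (persistence layer
//    is assumed; replace with the application's own data access code).
// save_seller_document((int) $_SESSION['seller_id'], $newName);

echo 'Upload accepted';
```

Files stored this way are served through a download script that looks up the random name for the logged-in seller and emits a fixed Content-Type and Content-Disposition, rather than through a directory such as '/media/seller_profile/' that the web server exposes directly. Where an existing deployment cannot move uploads out of the web root, script execution in the upload directory should be disabled at the web server (for Apache, a per-directory configuration that removes the PHP handler; for nginx, a location block that serves the directory as static files only), and the server-side checks above still apply.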

Added: Feb 8, 2026, 5:21 PM
Updated: Feb 8, 2026, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.3
remediation: 0.0
relevance: 2.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.