itsourcecode Free Hotel Reservation System Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unrestricted file upload has been identified in itsourcecode Free Hotel Reservation System version 1.0. The issue resides in the file '/admin/mod_amenities/index.php?view=add', where the backend fails to properly validate the file extension and content of uploaded files. This flaw enables attackers to upload arbitrary files, such as PHP scripts, which can be executed to perform malicious actions. The vulnerability can be exploited remotely, potentially leading to unauthorized access and execution of commands on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file upload, which can be used to upload and execute malicious PHP files, resulting in remote code execution. This could lead to a complete compromise of the system, including theft or destruction of sensitive data, deployment of malware, and disruption of hotel reservation services.

Reproduction

To reproduce this vulnerability, navigate to the '/admin/mod_amenities/index.php?view=add' page. Upload a file through the 'image' parameter, bypassing any file type restrictions. The uploaded file can be a PHP script containing malicious code, such as a web shell. Once uploaded, the file can be accessed and executed, leading to remote code execution on the server.

Remediation

It is recommended to implement server-side validation of file uploads: whitelist the allowed file extensions, validate the file content, rename uploaded files so that an uploaded script cannot be executed, restrict the permissions of the upload directory, hide file paths from users, and enforce strong access controls so that only authorized administrators can reach the upload functionality.
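The remediation above, written out as a hardened handler for the 'image' field. This is an added example, not code from itsourcecode Free Hotel Reservation System; UPLOAD_DIR, MAX_BYTES and the function name are assumptions.

```php
<?php
// Added example, not the project's own code: a hardened handler for the 'image'
// upload field. UPLOAD_DIR and MAX_BYTES are assumed values, not from the advisory.
declare(strict_types=1);

// Assumption: this directory is outside the web root (or has script execution
// disabled), so even a mis-validated file can never run as PHP.
const UPLOAD_DIR = __DIR__ . '/../uploads_private';
const MAX_BYTES  = 2 * 1024 * 1024;

// Allow-list: extension => MIME type that the file *content* must sniff as.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png',  'gif'  => 'image/gif'];

// Validates one entry of $_FILES and stores it under a server-chosen name.
// Returns the stored filename; throws on any validation failure.
function store_uploaded_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {       // must come from this request
        throw new RuntimeException('no valid upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // 1. Extension allow-list (client name is consulted, never trusted alone).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // 2. Content validation: sniffed MIME must match the extension and the bytes
    //    must decode as an image, so a PHP script renamed to .png is rejected.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext] || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('content is not an allowed image');
    }
    // 3. Rename: the client-supplied name never reaches the filesystem.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);                                   // 4. readable, not executable
    return basename($dest);
}

// In the admin page, only after the existing admin session check has passed:
// $stored = store_uploaded_image($_FILES['image'] ?? []);
```

Serving the stored files through a separate read-only handler, rather than linking to the directory directly, also keeps the real file paths hidden from users.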

Added: Mar 26, 2026, 1:20 PM
Updated: Mar 26, 2026, 1:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.1
remediation: 0.0
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.