Description

OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an attacker can leverage an OS command injection vulnerability to compromise other parts of the hosting infrastructure, exploiting trust relationships to pivot the attack to other systems within the organization.

Proof of Concept

Step To Reproduce
- Login using Admin Creds. 
- Navigate tpo User Section then Add/Modify Users
- Change/Add image of profile and Select a Crafted Image file 
- Crafted image file Aka A image file which craft with PHP CODES for execution  
- File Extension of Crafted File is PHP7 like "Sample.php7"

POC BY @AggressiveUser

=> I attach two image files for easy to UnderStand POC Uploading Crafted Payload

Execution Of Payload

Impact

If successfully exploited OS Command Injection could allow an attacker or malicious user command execution on the target with the same permissions as the exploited web server. Depending on the configuration of the target, and level of security hardening that has been conducted (or lack there of) successful exploitation of this vulnerability could, potentially result in the attacker gaining complete control of the vulnerable system, exfiltrating sensitive data or performing privilege escalation / lateral movement.