BoxBilling <=184.108.40.206 - Authenticated Unrestricted File Upload - RCE in boxbilling/boxbilling
Sep 18th 2022
BoxBilling was vulnerable to Unrestricted File Upload. In order to exploit the vulnerability, an attacker must have a valid authenticated session as admin on the CMS. With at least 1 order of product an attacker can upload malicious file to hidden API endpoint that contain a webshell and get RCE.
Proof of Concept
Video POC :
An attacker can compromise the server by uploading the malicious file, and the vulnerability can be chained with other vulnerability (XSS,CSRF).