Restaurant Management System 1.0 Arbitrary File Upload

    Disclosure date: 10/24/19


    Restaurant Management System 1.0 is affected by a vulnerability which allows an authenticated attacker to upload arbitrary files which can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input.

    From the Add a New Food page, we browse to our reverse shell:

    When we choose add, we see our new addition:

    With our handler setup, we catch our reverse shell:

    Cybersecurity solutions for small businesses.

    © 2021 Seven Layer Networks, Inc. | All rights reserved.