Exploiting Code Injection in MagnusBilling 6.x: The Cyber Post

A recent discovery by cybersecurity researcher indoushka has revealed a code injection vulnerability in MagnusBilling 6.x, a popular billing software used by many businesses. This vulnerability, if exploited, could allow remote attackers to execute malicious code on a target system.

The vulnerability was tested on a Windows 10 machine running Mozilla Firefox 130.0.2 (64-bit) and was found to be present on the official MagnusBilling website (https://www.magnusbilling.org/). The proof of concept involves using Google or other search engines to identify potential targets, then using curl to remotely execute commands on the target system.

Line 83 of the code is where the target URL is set, and the code is saved as poc.php. The payload for this code injection exploit includes a class called MagnusBillingExploit, which contains functions to execute commands and PHP code on the target system, upload a backdoor webshell, check if the target is vulnerable, and exploit the target.

One of the key functions in the exploit is executeCommand, which allows the attacker to execute commands on the target system by manipulating the URL to include the command to be executed. Another important function is uploadBackdoorWebShell, which uploads a malicious PHP webshell to the target system, providing the attacker with a backdoor for further exploitation.

To check whether a target system is vulnerable, the check function is used to send a request to the target URL and look for a specific response indicating the presence of MagnusBilling. If the target is confirmed to be vulnerable, the exploit function is then used to upload the backdoor webshell and gain access to the target system.

Overall, the vulnerability in MagnusBilling 6.x poses a significant risk to organizations using this software, as it could potentially allow malicious actors to take control of their systems. It is important for users of MagnusBilling to update to the latest version or apply patches provided by the vendor to mitigate the risk of exploitation.
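For defenders, the two behaviours described above (a command carried in a URL, then a newly uploaded PHP file being requested) leave traces in web access logs. The following Python sketch is an added example, not code from the researcher or from MagnusBilling; the log lines are constructed, and the path `PLACEHOLDER.php` and parameter `arg` are placeholders because the article does not name the vulnerable endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed combined-format log lines. PLACEHOLDER.php and "arg" stand in for
# the vulnerable script and parameter, which the article does not name.
SAMPLE_LOG = """\
198.51.100.4 - - [01/Jan/2025:10:00:00 +0000] "GET /billing/index.php?q=hello+world HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /billing/PLACEHOLDER.php?arg=%3Bid%3B HTTP/1.1" 200 17
203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /billing/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /billing/tmp/a1.php HTTP/1.1" 200 0
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SHELL_META = re.compile(r'[;|`]|\$\(|&&')  # separators, pipes, substitution
INJECTION = "shell metacharacter in query value"
NEW_PHP = "first-seen PHP file after injection attempt"

def scan(log_text):
    """Return (line_no, client, reason) findings for an access log."""
    findings, known_php, suspects = [], set(), set()
    for no, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes values, so %3B is inspected as ';'
        values = [v for _k, v in parse_qsl(url.query, keep_blank_values=True)]
        is_php_hit = url.path.endswith(".php") and status == "200"
        if any(SHELL_META.search(v) for v in values):
            findings.append((no, client, INJECTION))
            suspects.add(client)
        elif client in suspects and is_php_hit and url.path not in known_php:
            # A PHP path nobody requested before, fetched by a flagged client
            findings.append((no, client, NEW_PHP))
        if is_php_hit:
            known_php.add(url.path)
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The second rule depends on the log covering enough history to know which PHP paths are normal, so seed it with a baseline period before alerting on it.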

In conclusion, cybersecurity researchers like indoushka play a crucial role in identifying and disclosing vulnerabilities in software products, helping to improve the overall security of the digital landscape. By staying vigilant and proactive in addressing security concerns, businesses and individuals can better protect themselves from potential threats.
