ae14b71248
16 changes to exploits/shellcodes Tourism Management System 1.0 - Arbitrary File Upload Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection Online Student's Management System 1.0 - Remote Code Execution (Authenticated) Online Discussion Forum Site 1.0 - XSS in Messaging System Online Job Portal 1.0 - Cross Site Scripting (Stored) HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal HiSilicon Video Encoders - RCE via unauthenticated command injection HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware HiSilicon Video Encoders - Full admin access via backdoor password HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS) Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields) Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated) Textpattern CMS 4.6.2 - Cross-site Request Forgery
17 lines
No EOL
844 B
Text
17 lines
No EOL
844 B
Text
# Exploit Title: Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
|
||
# Google Dork: N/A
|
||
# Date: 2020/10/18
|
||
# Exploit Author: Akıner Kısa
|
||
# Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html
|
||
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord_0.zip
|
||
# Version: 1.0
|
||
# Tested on: XAMPP
|
||
# CVE : N/A
|
||
|
||
Proof of Concept:
|
||
|
||
1 - Go to http://localhost/studentrecord/ url, click "click here to sign in" text and login with the 070101:070101 information.
|
||
|
||
2 - Then go to http: //localhost/studentrecord/my-profile.php and upload your shell file from the upload new photo section and click the update button.
|
||
|
||
3 - Finally, open your shell in http://localhost/studentrecord/staffphoto/shell.php |