bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49285.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
796 B
Text
Raw Blame History

# Exploit Title: Alumni Management System 1.0 - Unrestricted File Upload To RCE
# Exploit Author: Aakash Madaan
# Date: 2020-12-17
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
# Affected Version: Version 1
# Tested on: Parrot OS
Step 1. Login to the application with admin credentials
Step 2. Click on "System Settings" page.
Step 3. At the image upload field, browse and select any php webshell.
Click on upload to upload the php webshell.
Step 4. Visit "http://localhost/admin/assets/uploads/" and select your
upload phpwebshell.
Step 5. You should have a remote code execution.
Reference in a new issue View git blame Copy permalink