Alumni Management System 1.0 Shell Upload

2020-12-18T00:00:00
ID PACKETSTORM:160610
Type packetstorm
Reporter Aakash Madaan
Modified 2020-12-18T00:00:00

Description

                                        
                                            `# Exploit Title: Alumni Management System 1.0 - Unrestricted File Upload To RCE  
# Exploit Author: Aakash Madaan  
# Date: 2020-12-17  
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code  
# Affected Version: Version 1  
# Tested on: Parrot OS  
  
Step 1. Login to the application with admin credentials  
  
Step 2. Click on "System Settings" page.  
  
Step 3. At the image upload field, browse and select any php webshell.  
Click on upload to upload the php webshell.  
  
Step 4. Visit "http://localhost/admin/assets/uploads/" and select your  
upload phpwebshell.  
  
Step 5. You should have a remote code execution.  
`