CVE-2021-46013

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/examquestion/...

CVE-2021-46013

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/examquestion/...

Free School Management Software 1.0 - Remote Code Execution Vulnerability

Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

CVE-2021-42669

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By...

Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload

Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...

NetModule Router Software 日志信息泄露漏洞

NetModule Router Software is a router for NetModule. A security vulnerability exists in NetModule Router Software due to the interface support for an optional "CLI-PHP" feature, which is essentially a PHP webshell that requires The vulnerability stems from the interface supporting an optional...

slopShell - The Only Php Webshell You Need

php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file uploadyourself, in an educational environment and a way to send http requests to this webshell. Basic Usage VideoHosted on Youtube: Current VT Detection...

Cross site scripting

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profil...

Alumni Management System 1.0 - Unrestricted File Upload To RCE

Exploit Title: Alumni Management System 1.0 - Unrestricted File Upload To RCE Exploit Author: Aakash Madaan Date: 2020-12-17 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...

CVE-2020-23828

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution RCE on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...

ACal 2.2.6 Remote Code Execution Exploit

Exploit Title: ACal v2.2.6 - 1-Click Remote Code Execution Exploit Author: Bobby Cooke Date: May 14th, 2020 Vendor Homepage: http://acalproj.sourceforge.net/ Software Link: http://prdownloads.sourceforge.net/acalproj/ACal-2.2.6.tar.gz?download Version: 2.2.6 Tested On: Windows 10 Pro 1909 x6486 +...

File Upload Vulnerability in Blue Route Blog System

Shenzhen Blue Route Technology Co., Ltd, provides cloud computing products, cloud computing solutions, enterprise cloud application software, etc., is committed to providing customers with professional cloud services. Blue Route blog system file upload vulnerability, attackers can use the...

B4Tm4N - PHP WEBSHELL

Features 0 File Manager 1 Sec. Info 2 Simply Database 3 Interactive terminal 4 PHP Reverse Back Connect 5 Run PHP Code 6 Custom Toolz 7 Self Script Encryptor ! Download B4Tm4N...

File Upload Vulnerability in QYKCMS Version 4.3.2

QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. QYKCMS 4.3.2 version of the file upload vulnerability, the vulnerability stems from the server side did not filter the file content, the attacker can bypass the client-side detection of the direct...

D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities

Table of contents 00 - Introduction 00.1 Background 01 - Unrestricted File Upload 01.1 - Vulnerable code analysis 01.2 - Remote exploitation 02 - Command Injection 02.1 - Vulnerable code analysis 02.2 - Remote exploitation 03 - Credit 04 - Proof of concept 05 - Solution 06 - Contact information 0...

b374k 3.2.3 2.8 CSRF / Command Injection Vulnerabilities

b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection. Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/...

zen cart 1.38 a multi-exploit-vulnerability warning-the black bar safety net

Vulnerability 1, The form id="frmUpload" enctype="multipart/form-data" action="" method="post" Upload a new file:br input type="file" name="NewFile" size="5 0"br input id="btnUpload" type="submit" value="Upload" /form We test under power. Directly to upload a PHP WEBSHELL to the IMAGES...

Month Of Abysssec Undisclosed Bugs - InterPhoto Gallery 2.4.0

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 6 0day | | | | || / \ || | | | || ||// \/|/ ''' - Title : InterPhoto Gallery Multiple Remote Vulnerabilities - Affected Version : = 2.4.0 - Vendor Site : http://www.weensoft.com - Discovery :Abysssec.com -...

Use google to conduct“penetration testing”-vulnerability warning-the black bar safety net

One, use google to find is people who installed a php webshell back door of the host, and test the ability to use; Second, use google to find exposed INC sensitive information. OK, now we start: 1. Lookup using a php webshell We in the google search box fill in: Code: intitle:"php shell" "Enable...

Use google to carry out penetration testing-vulnerability warning-the black bar safety net

Today we are penetration testers in the implementation of the attack before, often the first information-gathering, which is the vulnerability is confirmed and the final exploits, expanding the war fruit. Here we are now going to talk about is: One, use google to find is people who installed a ph...