Exploit/Advisories

Published on October 20th, 2020 📆 | 7524 Views ⚑

Online Student’s Management System 1.0 Shell Upload ≈ Packet Storm

https://www.ispeech.org

# Exploit Title: Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
# Google Dork: N/A
# Date: 2020/10/18
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord_0.zip
# Version: 1.0
# Tested on: XAMPP 
# CVE : N/AProof of Concept:
1 - Go to http://localhost/studentrecord/ url, click "click here to sign in" text and login with the 070101:070101 information. 
2 - Then go to http: //localhost/studentrecord/my-profile.php and upload your shell file from the upload new photo section and click the update button.











3 - Finally, open your shell in http://localhost/studentrecord/staffphoto/shell.php

Source link

Tagged with: advisory • CSRF • exploit • management • online • overflow • packet • scanner • security • shell • storm • student • students • system • upload • vulnerability • whitepaper • XSS

Comments are closed.

Online Student’s Management System 1.0 Shell Upload ≈ Packet Storm

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups