Car rental project 2.0 arbitrary file upload to remote code execution Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-02-03 |
Type : webapps |
Platform : php
This exploit / vulnerability Car rental project 2.0 arbitrary file upload to remote code execution is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution
# Date: 3/2/2021
# Exploit Author: Jannick Tiger
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/
# Version: V 2.0
# Tested on Windows 10, XAMPP
# Uploaded Malicious File can be Found in :
carrental\admin\img\vehicleimages\1.php
# go to http://localhost/carrental/admin/img/vehicleimages/1.php, Execute malicious code via post value phpinfo();
Car rental project 2.0 arbitrary file upload to remote code execution