Exploits / Vulnerability Discovered : 2019-09-26 |
Type : webapps |
Platform : php
# Exploit Title: Chamilo LMS 1.11.8 - Arbitrary File Upload
# Google Dork: "powered by chamilo"
# Date: 2018-10-05
# Exploit Author: Sohel Yousef jellyfish security team
# Software Link: https://chamilo.org/en/download/
# Version: Chamilo 1.11.8 or lower to 1.8
# Category: webapps
# 1. Description
# Any registered user can upload files, then rename them and change the file type to
# php5 or php7 through the CKEditor module in the "My files" section
# register here :
# http://localhost/chamilo//main/auth/inscription.php
# after registration you can view this sections
# http://localhost/chamilo/main/social/myfiles.php
# http://localhost/chamilo/main/inc/lib/elfinder/filemanager.php?&CKEditor=content&CKEditorFuncNum=0
# upload your shell in gif format and then rename the format
# if the rename function is disabled, add this GIF89;aGIF89;aGIF89;a before <?PHP
# to be like this for example
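# Defender-side counterpart to the two tricks described above (renaming an upload to a
# PHP-executable extension, and prefixing PHP code with a GIF header so it passes as an
# image). The scanner below is an added example, not code from Chamilo or from the
# advisory author; the extension list, magic-byte table and sample files are
# constructed for the demonstration. Run it over an upload directory, or call
# scan_upload() from the upload handler before a file is stored.

```python
"""Scan uploaded files for the abuse patterns in the advisory above:
PHP-executable extensions (php5, php7, ...) and image files that carry
a PHP open tag behind a GIF (or other image) header.

Added example; not Chamilo's code. Extension list and samples are constructed.
"""
import os
import re
from typing import List

# Extensions a PHP-enabled web server will typically execute (assumed list;
# match it to the handlers actually configured on the target server).
EXECUTABLE_EXTENSIONS = {
    ".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps",
}

# Allowed image extensions and the magic bytes a genuine file must start with.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# PHP open tags. The bare short tag "<?" would over-match XML prologues,
# so only the long form and the echo tag are matched (case-insensitive).
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def all_extensions(name: str) -> List[str]:
    """Return every extension in a filename, so 'x.php5.gif' yields both.

    Checking only the last extension misses double-extension names that
    some Apache configurations still hand to the PHP handler.
    """
    base = os.path.basename(name).lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:] if p]


def scan_upload(name: str, data: bytes) -> List[str]:
    """Return a list of findings for one uploaded file; empty means clean."""
    findings = []
    exts = all_extensions(name)
    last = exts[-1] if exts else ""

    # 1. Renamed-extension path: the name alone makes the server execute it.
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        findings.append("executable-extension")

    # 2. Claimed image type must match the leading magic bytes; a file whose
    #    header is "GIF89;a" rather than "GIF89a" is caught here as well.
    if last in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[last]):
        findings.append("magic-mismatch")

    # 3. GIF-prefix trick: valid-looking header followed by PHP code.
    if PHP_TAG.search(data):
        findings.append("embedded-php-tag")

    return findings


def is_safe_upload(name: str, data: bytes) -> bool:
    """True only when no finding was raised."""
    return not scan_upload(name, data)


def scan_directory(path: str) -> dict:
    """Map each flagged file under path to its findings (recursive)."""
    report = {}
    for root, _dirs, files in os.walk(path):
        for fname in files:
            full = os.path.join(root, fname)
            with open(full, "rb") as fh:
                findings = scan_upload(fname, fh.read())
            if findings:
                report[full] = findings
    return report


if __name__ == "__main__":
    # Constructed samples: a minimal real GIF, a GIF/PHP polyglot, a renamed file.
    real_gif = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
    polyglot = b"GIF89a<?php echo 'x'; ?>"
    for n, d in [("avatar.gif", real_gif), ("avatar.gif", polyglot),
                 ("note.php7", b"<?php echo 1;"), ("a.php5.gif", real_gif)]:
        print(n, scan_upload(n, d) or "clean")
```

The check on all extensions, not just the last, is deliberate: the advisory's rename step produces names such as `file.php5`, but a handler configured for `.php5` anywhere in the name would also execute `file.php5.gif`, so rejecting on any executable extension is the safer rule for an upload directory.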