Church management system 1.0 arbitrary file upload (authenticated) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-07-05 |
Type : webapps |
Platform : php
This exploit / vulnerability Church management system 1.0 arbitrary file upload (authenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)
# Date: 07/03/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/11206/church-management-system.html
# Version: 1.0
# Tested on: Windows 10
# CVE : N/A
# Proof of Concept :
1- Login any user account and change profile picture.
2- Upload any php shell by altering it's extension to .jpg or .png. (i.e test.php.jpg)
3- Before uploading your file, intercept your traffic by using any proxy.
4- Change test.php.jpg file to test.php and click forward.
5- Find your test.php file path and try any command.
Host Name: MRT
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19043 N/A Build 19043
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Murat
System Boot Time: 6/25/2021, 2:51:40 PM
System Manufacturer: Dell Inc.
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.