Complaint management system 4.0 remote code execution Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2020-01-07 | Type: webapps | Platform: php
This exploit / vulnerability Complaint management system 4.0 remote code execution is for educational purposes only, and if it is used, you do so at your own risk!
[+] Code ...
# Exploit Title: Complaint Management System 4.0 - Remote Code Execution
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/complaint-management-sytem/
# Version: v4.0
# Category: Webapps
# Tested on: Xampp for Windows
# Description:
# There isn't any file extension control in the "Register Complaint" section of the user panel.
# An unauthorized user can upload and execute a PHP file.
# The basic Python script below will bypass authentication and execute commands on the target server.
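
A server-side check that closes the missing file extension control described above, as an added example that is not part of the original advisory or the vendor's code. The form field name `compfile`, the storage path and the allowed attachment types are assumptions, and the PHP `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example: allowlist check for a complaint attachment upload.
// Assumptions (not from the page): form field "compfile", a storage directory
// outside the web root, and PDF/JPEG/PNG as the only attachment types needed.
const ALLOWED_TYPES = [            // extension => MIME type detected from content
    'pdf'  => 'application/pdf',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];
const MAX_BYTES = 2 * 1024 * 1024; // 2 MiB per attachment

// Returns a server-generated file name for an accepted upload, else null.
function accepted_upload_name(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (($file['size'] ?? 0) <= 0 || $file['size'] > MAX_BYTES) {
        return null;
    }
    // Only the final extension of the client-supplied name counts, lowercased.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;               // rejects .php, .phtml, missing extension, ...
    }
    // The detected content type must match the claimed extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // Never reuse the client-supplied file name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Moves an accepted upload into $storageDir; returns the stored name or null.
function store_upload(array $file, string $storageDir): ?string
{
    $name = accepted_upload_name($file);
    if ($name === null) {
        return null;
    }
    $dest = rtrim($storageDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    // move_uploaded_file() refuses paths that did not arrive as an HTTP upload.
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

// Hypothetical call site:
// $stored = store_upload($_FILES['compfile'], 'C:/app-data/complaint-docs');
```

Keeping the storage directory outside the web root, or disabling script execution for it in the web server configuration, means a file that slips past validation is still never interpreted as PHP. The upload handler itself should also verify the user's session before accepting any file.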