Exploits / Vulnerability Discovered : 2019-06-24
Type : webapps
Platform : php
This exploit / vulnerability (SeedDMS versions < 5.1.11 remote command execution) is for educational purposes only, and if you use it you do so at your own risk!
Step 1: Log in to the application and, under any folder, add a document.
Step 2: As the document, choose a simple PHP backdoor file; any backdoor/webshell could be used.
Step 3: After uploading the file, check the document id corresponding to the document.
Step 4: Now go to example.com/data/1048576/"document_id"/1.php?cmd=cat+/etc/passwd to get the command response in the browser.
Note: Here "data" and "1048576" are the default folders where uploaded files are saved.
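
Detection: the request in Step 4 is visible in the web server access log as a direct fetch of a script file from the document store. The script below is an added example, not part of the original advisory; it flags such requests under the default "data" folder. The combined log format, the list of script extensions and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Extensions a PHP-enabled web server may hand to the interpreter (assumed list).
SCRIPT_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

# Combined log format (assumed): ip ... "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
# /data/<content dir>/<document id>/<version>.<ext>, the layout described in the note above
STORE_RE = re.compile(
    r'/data/(?P<dir>\d+)/(?P<doc>\d+)/(?P<file>[^/]+)\.(?P<ext>[A-Za-z0-9]+)$')

def find_store_script_hits(lines):
    """Return one dict per request that fetched a script file from the document store."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        s = STORE_RE.search(url.path)
        if not s or s["ext"].lower() not in SCRIPT_EXT:
            continue  # ordinary document download or unrelated request
        hits.append({
            "ip": m["ip"],
            "document_id": int(s["doc"]),
            "path": url.path,
            "has_query": bool(url.query),
            # 200 means the server returned the file from the store directly
            "served": m["status"] == "200",
        })
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Jun/2019:10:01:02 +0000] "GET /out/out.ViewFolder.php?folderid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Jun/2019:10:03:40 +0000] "GET /data/1048576/42/1.php?cmd=cat+/etc/passwd HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Jun/2019:10:05:11 +0000] "GET /data/1048576/43/1.PHTML HTTP/1.1" 403 199 "-" "curl/7.64.0"',
    '203.0.113.9 - - [24/Jun/2019:10:06:00 +0000] "GET /data/1048576/44/1.pdf HTTP/1.1" 200 90211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_store_script_hits(SAMPLE_LOG):
        print(hit)
```

A hit with "served" set to True means the web server returned the file from the store directly, so that document id is the one to inspect and remove.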