Tourism management system 1.0 arbitrary file upload Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-10-19 |
Type : webapps |
Platform : php
This exploit / vulnerability Tourism management system 1.0 arbitrary file upload is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#Exploit Title: Tourism Management System 1.0 - Arbitrary File Upload
#Date: 2020-10-19
#Exploit Author: Ankita Pal & Saurav Shukla
#Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/
#Software Link: https://phpgurukul.com/?smd_process_download=1&download_id=7204
#Version: V1.0
#Tested on: Windows 10 + xampp v3.2.4
Proof of Concept:::
Step 1: Open the affected URL http://localhost:8081/Tourism%20Management%20System%20-TMS/tms/admin/create-package.php