[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Responsive E-Learning System 1.0 - Unrestricted File Upload to Remote Code Execution Vulnerability

Author
Kshitiz Raj
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-35633
Category
web applications
Date add
06-01-2021
Platform
php
# Exploit Title: Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
# Exploit Author: Kshitiz Raj (manitorpotterk)
# Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=5172&title=Responsive+E-Learning+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Step 1 -  Login to the application with admin credentials.
Step 2 - Click on Student or go to http://localhost/elearning/admin/student.php
Step 3 - Click on Add Student and fill the required things.
Step 4 - In image upload any php reverse shell.
Step 5 - Visit "http://localhost/elearning/admin/uploads/" and select your uploaded PHP web shell.

#  0day.today [2024-12-24]  #