#####################################################
# Exploit Title: PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.
# Date: 10.12.2020
# Vender Homepage : https://parstech.com.tr/
# Exploit Author: Nobody 
# Tested on: Windows - Linux / Mozilla Firefox 
#####################################################

# Exploit : 

Step 1 - Bypass Admin Panel - with NoRedirect
Step 2 - Go to the Genel Ayarlar Tab - /panel/genel-ayar.php
Step 3 - Scroll down the page. You will see the image upload area. Upload the .php file here as is.
Step 4 - You can find the .php file in this folder: /img/
You can learn the name of the shell file by examining the area where the picture is located in the admin panel.


# Demo: 
# http://binlercearaba.com/panel/ > http://binlercearaba.com/img/516791129.php


#####################################################

# SpyHackerZ.org