# Title: Open Journal Systems Arbitrary File Upload
# Author: Emyounoone
# Google Dork: /index.php/journal
# Date: 29/10/2021
# Vendor Homepage (Example): https://nur.hmu.edu.krd/index.php/journal
# Tested on: Kali Linux | Cyberfox
# Vulnerable Path: index.php/journal/

Exploit:
You can upload a webshell using this exploit.
First, register as a writer on Open Journal Systems (OJS) and log in. After that, you need to create a submission. While you are uploading a new submission, you can upload an academic file to the web server. Any file type can be uploaded in this step.

After you have uploaded a webshell:

example: https://nur.hmu.edu.krd/index.php/journal/$$$call$$$/api/file/file-api/download-file?fileId=302&revision=1&submissionId=---114---&stageId=1

The result might be like this.

After that, copy this link and paste it anywhere:

As we know, submissionId=---114 is our file ID: 114
(This value varies.)

You can access your shell using this ID:

https://nur.hmu.edu.krd/index.php/journal/files/journals/dir_number/articles/file_id(114)/submission/shell

Result Example:
https://nur.hmu.edu.krd/index.php/journal/files/journals/1/articles/114/submission/shell.php

If you succeeded, you can access your shell.
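
Detection from the defender's side: the script below flags access-log requests for script-like files under the submission path layout shown above. It is an added example, not part of the original advisory; it assumes a combined-format web server access log, and the extension list, IP addresses and sample log lines are constructed.

```python
import re

# Path layout taken from the advisory:
#   .../files/journals/<dir_number>/articles/<file_id>/submission/<name>
SUBMISSION_PATH = re.compile(
    r"/files/journals/(?P<journal>\d+)/articles/(?P<submission>\d+)/submission/"
    r"(?P<name>[^/?\s]+)",
    re.IGNORECASE,
)
# Assumption: extensions a PHP-enabled server may execute; adjust to your handler config.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_submission_script_hits(lines):
    """Return one dict per request for a script-like file in a submission directory."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        p = SUBMISSION_PATH.search(m["path"])
        if not p or not SCRIPT_EXT.search(p["name"]):
            continue  # ordinary submission files (pdf, docx, ...) are ignored
        hits.append({
            "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
            "submission_id": int(p["submission"]), "file": p["name"],
            # A 2xx status means the web server answered from the upload directory.
            "served": m["status"].startswith("2"),
        })
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Oct/2021:10:01:12 +0000] "GET /index.php/journal/$$$call$$$/api/file/file-api/download-file?fileId=302&revision=1&submissionId=114&stageId=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [29/Oct/2021:10:02:40 +0000] "GET /index.php/journal/files/journals/1/articles/114/submission/shell.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [29/Oct/2021:10:05:03 +0000] "GET /index.php/journal/files/journals/1/articles/87/submission/paper.pdf HTTP/1.1" 200 90211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Oct/2021:10:09:55 +0000] "GET /files/journals/2/articles/140/submission/upload.phtml HTTP/1.1" 403 199 "-" "curl/7.79.1"',
]

if __name__ == "__main__":
    for hit in find_submission_script_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true means the upload directory is reachable through the web server; storing uploads outside the web root and disabling script execution for that directory removes the condition the advisory relies on.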