# Title: Open Journal Systems Arbitrary File Upload
# Author: Emyounoone
# Google Dork: /index.php/journal
# Date: 29/10/2021
# Vendor Homepage (Example): https://nur.hmu.edu.krd/index.php/journal
# Tested on: Kali Linux | Cyberfox
# Vulnerable Path: index.php/journal/
Exploit:
You can upload a webshell using this exploit.
First, register as a writer on Open Journal Systems (OJS) and log in. After that you need to make a submission. While uploading a new submission you can upload an academic file to the web server; every file type is accepted at this step.
After you have uploaded a webshell, the download link looks like this:
example: https://nur.hmu.edu.krd/index.php/journal/$$$call$$$/api/file/file-api/download-file?fileId=302&revision=1&submissionId=---114---&stageId=1
The result might look like this.
Copy this link and paste it anywhere:
As we can see, submissionId=---114--- is our file id: 114
(this value varies per submission)
You can access your shell using this id:
https://nur.hmu.edu.krd/index.php/journal/files/journals/dir_number/articles/file_id(114)/submission/shell
Result Example:
https://nur.hmu.edu.krd/index.php/journal/files/journals/1/articles/114/submission/shell.php
If you succeeded you can access your shell.
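Added defender-side example, not part of this advisory and not OJS project code: the write-up shows that the submission step accepts any file type and that the files land under files/journals/<journal>/articles/<submission>/submission/, where a web server may execute them. The script below builds a constructed sample of that directory layout in a temporary directory, then audits it with two checks an operator would want: an extension allowlist (the allowlist itself is an assumption, not OJS's own list) and a content check for a PHP open tag so a renamed script is still caught.

```python
"""Audit an OJS-style files directory for uploads that could run as code.

Added example for defenders; not part of the advisory or of OJS itself.
Assumes the directory layout quoted in the advisory
(files/journals/<journal>/articles/<submission>/submission/<file>) and a
hypothetical allowlist of the document types an editor expects to receive.
"""
import os
import tempfile

# Hypothetical allowlist of submission document types (assumption, not OJS's list).
ALLOWED_EXTENSIONS = {".pdf", ".doc", ".docx", ".odt", ".rtf", ".txt", ".tex"}

# Extensions a typical PHP web server executes when the directory is served directly.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar"}


def is_allowed_upload(filename: str) -> bool:
    """Allowlist check on the filename.

    Every extension in a multi-dot name is inspected, so 'paper.pdf.php' and
    'paper.php.pdf' are both rejected, not only the last extension.
    """
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return False  # no extension at all: reject rather than guess
    exts = {"." + p for p in parts[1:]}
    if exts & EXECUTABLE_EXTENSIONS:
        return False
    return "." + parts[-1] in ALLOWED_EXTENSIONS


def content_looks_like_php(path: str) -> bool:
    """Content check: a PHP open tag in the first 1 KB, regardless of extension."""
    with open(path, "rb") as fh:
        head = fh.read(1024)
    return b"<?php" in head or b"<?=" in head


def audit_files_dir(root: str) -> list:
    """Walk the files tree and return relative paths of suspicious uploads."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if not is_allowed_upload(name) or content_looks_like_php(full):
                findings.append(os.path.relpath(full, root))
    return sorted(findings)


def build_sample_tree() -> str:
    """Create a constructed sample OJS files tree in a temp dir (not real data)."""
    root = tempfile.mkdtemp(prefix="ojs_files_")
    sub = os.path.join(root, "journals", "1", "articles", "114", "submission")
    os.makedirs(sub)
    samples = {  # constructed sample files
        "manuscript.pdf": b"%PDF-1.4 constructed sample\n",
        "shell.php": b"<?php /* constructed placeholder, no payload */ ?>\n",
        "notes.txt": b"<?php a text file that still carries a PHP open tag\n",
    }
    for name, data in samples.items():
        with open(os.path.join(sub, name), "wb") as fh:
            fh.write(data)
    return root


def run_demo() -> list:
    """Build the sample tree and audit it; returns the flagged relative paths."""
    return audit_files_dir(build_sample_tree())


if __name__ == "__main__":
    for path in run_demo():
        print("suspicious upload:", path)
```

On a real deployment the same audit would be pointed at the configured OJS files directory; the expected result is two findings from the sample tree (shell.php by extension, notes.txt by content) and none for the PDF. The content check matters because a file with an accepted extension can still be served with the wrong handler if the web server is misconfigured, so both checks belong in the review.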