Alumni Management System 1.0 - Unrestricted File Upload To RCE

2020-12-19
ID: 103779
CVE: None
Download vulnerable application: None
# Exploit Title:  
# Exploit Author: Aakash Madaan
# Date: 2020-12-17
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
# Affected Version: Version 1
# Tested on: Parrot OS

Step 1. Login to the application with admin credentials

Step 2. Click on "System Settings" page.

Step 3. At the image upload field, browse and select any php webshell.
Click on upload to upload the php webshell.

Step 4. Visit "http://localhost/admin/assets/uploads/" and select your
upload phpwebshell.

Step 5. You should have a remote code execution.
1-4-2 (www01)