# Exploit Title: college management system - Arbitrary File Upload (Unauthenticated) # Date: 01/10/2021 # Exploit Author: Abdulrahman https://twitter.com/infosec_90 # Vendor Homepage: https://www.eedunext.com/ # Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ # Version: 1.0 # Tested on: Kali Linux in Admin/student.php in line 1 : in Admin/student.php line 77: $profile_image = $_FILES['profile_image']['name'];$tmp_name=$_FILES['profile_image']['tmp_name'];$path = "images/".$profile_image;move_uploaded_file($tmp_name, $path); $matric_certificate = $_FILES['matric_certificate']['name'];$tmp_name=$_FILES['matric_certificate']['tmp_name'];$path = "images/".$matric_certificate;move_uploaded_file($tmp_name, $path); $fa_certificate = $_FILES['fa_certificate']['name'];$tmp_name=$_FILES['fa_certificate']['tmp_name'];$path = "images/".$fa_certificate;move_uploaded_file($tmp_name, $path); $ba_certificate = $_FILES['ba_certificate']['name'];$tmp_name=$_FILES['ba_certificate']['tmp_name'];$path = "images/".$ba_certificate;move_uploaded_file($tmp_name, $path); POC fileupload.html: exploit - file upload
link upload : http://127.0.0.1/2/College-Management-System/Admin/images/@infosec_90.php