=============================================================================================================================================
| # Title : SchoolPlus v1.0 Remote File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |
| # Vendor : http://webpay.com.np/#Product |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] remote file upload : Uploaded malicious files can be run remotely
[+] use payload :
Add
[+] In the seventh line, we change the link to the target link.
[+] Link to the uploaded files : cms/image/gallery/
[+] The script renames the file to a number, and you always choose numbers starting from the number 9 and above.
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================