游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile

Multiple,webapps,CVE-2020-28687

发布于2022年11月4日3年前

# Exploit Title: Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
# Date: November 17th, 2020
# Exploit Author: Shahrukh Iqbal Mirza (@shahrukhiqbal24)
# Vendor Homepage: Source Code & Projects (https://code-projects.org)
# Software Link:  https://download.code-projects.org/details/9dfede24-03cc-42a8-b319-f666757ac7cf
# Version: 1.0
# Tested On: Windows 10 (XAMPP Server)
# CVE: CVE-2020-28687
--------------------
Proof of Concept:
--------------------
1. Authenticate as a user (or signup as an artist)
2. Go to edit profile
3. Upload a php-shell as profile picture and click update/save
4. Find your shell at 'http://<ip>/<base_url>/pictures/profile/<shell.php>' and get command execution