跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Online Student's Management System 1.0 - Remote Code Execution (Authenticated)

CHT丨情报收集
CHT丨情报收集
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
# Google Dork: N/A
# Date: 2020/10/18
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord_0.zip
# Version: 1.0
# Tested on: XAMPP 
# CVE : N/A

Proof of Concept:

1 - Go to http://localhost/studentrecord/ url, click "click here to sign in" text and login with the 070101:070101 information. 

2 - Then go to http: //localhost/studentrecord/my-profile.php and upload your shell file from the upload new photo section and click the update button.

3 - Finally, open your shell in http://localhost/studentrecord/staffphoto/shell.php

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。