Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Gym Management System Project- Arbitrary file upload vulnerability

College Attendance System (CAS) Published by SourceCodester There is an arbitrary file upload vulnerability.

Attackers can upload malicious scripts through this vulnerability to achieve the purpose of destroying the system to control the target machine.

The path where the file upload vulnerability exists is as follows

/mygym/admin/index.php?view_exercises

The pages with file upload vulnerabilities are as follows

Click edit to upload the Trojan file

image-20220810114412827

image-20220810115057099

The content of the uploaded one sentence Trojan horse

image-20220810114453515

The upload is successful, and the statement can be executed arbitrarily

image-20220810140040413

Link

https://www.sourcecodester.com/php/15515/gym-management-system-project-php.html