CVE-2020-25515
#Unrestricted File Upload in Simple Library Management System 1.0
#Vendor - https://www.sourcecodester.com
#Vulnerability Type - Unrestricted File Upload
#Affected Component - Books > New Book ,[ http:///lms/index.php?page=books] http:///lms/index.php?page=books
#Attack Type- Local
#Impact Code execution - true
#Attack Vectors
-
Login to Dashboard, go to Books tab and Add New Book.
-
in upload field, upload "php-reverse-shell" (https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php) instead of books.
-
listen in Kali terminal with port 1234, and then try to edit this card.
-
listen in Kali terminal with port 1234
-
if you didn't get shell, right click on broken image and open this, we can see our uploaded file is successfully executed and got connect back shell