Skip to content

Latest commit

 

History

History
18 lines (14 loc) · 941 Bytes

Arbitrary-File-Upload-Vulnerability.md

File metadata and controls

18 lines (14 loc) · 941 Bytes

Garage Management System By mayuri_k - Arbitrary File Upload Vulnerability

  • Exploit Author: zerrr0

Vendor Homepage

Description

  • An arbitrary file upload vulnerability in the select product image function of Garage Management System by mayuri_k allows attackers to execute arbitrary code via a malicious PHP file.
  • Vulnerability file: /php_action/createProduct.php

Proof of Concept (PoC) :

  1. Goto: http://localhost/garage/login.php
  2. Login as admin using test credentials: mayuri.infospace@gmail.com/rootadmin
  3. Goto: http://localhost/garage/add-product.php
  4. Add Product -> Product Image image image