eClass LMS 2.6 Shell Upload ≈ Packet Storm

<--

# Exploit Title: eClass - Learning Management System Arbitrary File Upload
# Google Dork: N/A
# Date: 30/11/2020
# Exploit Author: Sohel Yousef
# Software Link: https://mediacity.co.in/eclass
# Software Link 2: https://codecanyon.net/item/eclass-learning-management-system/25613271
# Software Demo: https://mediacity.co.in/eclass/demo/public/
# Version: ( Version 2.6 )
# Category: webapps

1. Description

The eClass learning script contains an arbitrary file upload vulnerability.
A registered user can upload .php files in the profile picture section without
any security checks.

Profile link:

localhost/eclass/demo/public/profile/show/

Edit the profile photo, upload a PHP file, then use inspect element to find
the path of the uploaded file.

Uploaded file path:

localhost/eclass/demo/public/images/user_img/16067501901.php <---- random id

Right-click the photo and use inspect element to see the path.

#####

-->
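
For triage on an affected install, the following added example (not part of the original advisory or of the eClass code base) audits the upload directory named above for files that are not images. The extension allowlist, the magic-byte table and the function names are assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

# Assumed allowlist: image extensions and the magic bytes each must start with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_TAG = b"<?php"  # heuristic content marker, not a complete script detector

def classify(name, data):
    """Return the reasons a file is not an acceptable profile image."""
    reasons = []
    ext = Path(name).suffix.lower()
    if ext not in IMAGE_MAGIC:
        reasons.append("extension %r not allowlisted" % ext)
    elif not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("content does not match %s signature" % ext)
    if PHP_TAG in data:
        reasons.append("contains PHP open tag")
    return reasons

def audit_upload_dir(path):
    """Map each suspicious file name under `path` to its reasons."""
    findings = {}
    for f in sorted(Path(path).iterdir()):
        reasons = classify(f.name, f.read_bytes()) if f.is_file() else []
        if reasons:
            findings[f.name] = reasons
    return findings

def demo():
    """Audit a constructed directory standing in for images/user_img."""
    samples = {  # constructed sample files
        "avatar1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "16067501901.php": b"<?php /* constructed placeholder */",
        "avatar2.jpg": b"GIF89a" + b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return audit_upload_dir(tmp)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

The same `classify` check can run server-side before an upload is stored; on a live system, point `audit_upload_dir` at the real `images/user_img` directory.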
