Exploit for Complaint Management System 1.0 Shell Upload

Name: Exploit for Complaint Management System 1.0 Shell Upload
Rating: 5 (484 reviews)

2020-11-18 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:160122
************************************************************************************  
# Title: Complaint Management System v1.0- unrestricted file upload leading to RCE  
# Exploit Author: Mohamed Elobeid (0b3!d)  
# Date: 2020-08-21  
# Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14206&title=Complaint+Management+System  
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4  
# Description: Users can upload php files and then can execute these file from the url http://target/Complaint%20Management%20System/users/complaintdocs/phpinfo.php leading to RCE .  
  
#POC  
  
1-create phpinfo.php with the content "<?php phpinfo(); ?>""  
2-login as a normal user, register a new compliant and attach phpinfo.php   
3--browse your submitted complaint and view the attached file  
  
************************************************************************************************