## https://sploitus.com/exploit?id=PACKETSTORM:160283
<--  
  
# Exploit Title: eClass - Learning Management System Arbitrary File Upload  
# Google Dork: N/A  
# Date: 30/11/2020  
# Exploit Author: Sohel Yousef - sohel.yousef@yandex.com  
# Software Link: https://mediacity.co.in/eclass  
# Software Link 2: https://codecanyon.net/item/eclass-learning-management-system/25613271  
# Software Demo: https://mediacity.co.in/eclass/demo/public/  
# Version: ( Version 2.6 )  
# Category: webapps  
  
1. Description  
  
The eClass learning script contains an arbitrary file upload vulnerability.  
A registered user can upload .php files in the profile picture section without  
any security restriction.  
  
Profile link:  
  
localhost/eclass/demo/public/profile/show/  
  
Edit the profile photo and upload a PHP file, then use inspect element to find  
the path of the uploaded PHP file.  
  
Uploaded file path:  
  
localhost/eclass/demo/public/images/user_img/16067501901.php <---- random id  
  
Just right-click the photo and use inspect element to see its path.  
  
#####  
  
-->