************************************************************************************ # Title: Complaint Management System v1.0- unrestricted file upload leading to RCE # Exploit Author: Mohamed Elobeid (0b3!d) # Date: 2020-08-21 # Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html # Software Link: https://www.sourcecodester.com/download-code?nid=14206&title=Complaint+Management+System # Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4 # Description: Users can upload php files and then can execute these file from the url http://target/Complaint%20Management%20System/users/complaintdocs/phpinfo.php leading to RCE . #POC 1-create phpinfo.php with the content """ 2-login as a normal user, register a new compliant and attach phpinfo.php 3--browse your submitted complaint and view the attached file ************************************************************************************************