- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 35223
- Проверка EDB
-
- Пройдено
- Автор
- HALIL DALABASMAZ
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2014-8997
- Дата публикации
- 2014-11-13
Код:
# Exploit Title: Digi Online Examination System Unrestricted File Upload Vulnerability
# Date: 12-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v2.0
# Software Link: http://codecanyon.net/item/digi-online-examination-system-does/8610180
# Software Test Link: http://s1.digitalvidhya.com/doesv2/
# Vulnerabilities Description:
===Unrestricted File Upload===
You can upload your shell from "Photo" section while register the system. And then chekc your shell from here; http://example.com/assets/uploads/images/shellname.php
=Solution=
Filter the files aganist to attacks.- Источник
- www.exploit-db.com
