SOA - School Management System 3.0 Shell Upload
Posted on 04 September 2017
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
<!--
# Exploit Title: SOA - School Management System 3.0 - Arbitrary file upload
# Exploit Author: Ali BawazeEer || https://sa.linkedin.com/in/alibawazeeer
# Dork: N/A
# Date: 2.09.2017
# Vendor Homepage : https://ynetinteractive.com/
# Software Link: http://codecanyon.net/item/soa-school-management-software-with-integrated-parents-students-portal/20435367?s_rank=3
# Demo: http://demo.ynetinteractive.com/soa/
# version 3.0
# Category: Webapps /php
# Tested on: Mozilla Firefox
#
# --!>

# ========================================================
#
#
# SOA - School Management System 3.0 - Arbitrary file upload
#
# Description : An attacker who has access to the administrative panel can upload an arbitrary file, which may lead to total compromise of the web server
#
# Proof of Concept : -
#
# http://localhost/soa/administrator/Gallery.php
#
# upload shell in php; no filter for file extension in place
#
# /soa/administrator/Gallery.php?album=1
# http://localhost/soa/media/uploads/your shell.php
#
# Risk : An authenticated attacker will be able to compromise the entire server
#
#
# ========================================================
# [+] Disclaimer
#
# Permission is hereby granted for the redistribution of this advisory,
# provided that it is not altered except by reformatting it, and that due
# credit is given. Permission is explicitly given for insertion in
# vulnerability databases and similar, provided that due credit is given to
# the author. The author is not responsible for any misuse of the information contained
# herein and prohibits any malicious use of all security related information
# or exploits by the author or elsewhere.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
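
The advisory attributes the issue to the gallery upload having no filter on the file extension. The block below is an added example of the missing server-side check, not code from the advisory or from the vendor; the function name safe_gallery_name, the allowlist and the sample files are assumptions made for illustration.

```php
<?php
// Added example, not SOA's code: allowlist check for a gallery image upload.
// Extension => MIME type the file content must match.
const ALLOWED_IMAGES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

/**
 * Return a server-generated name for an acceptable upload, or null to reject.
 * $clientName is the untrusted name sent by the browser; $tmpPath is the
 * temporary file PHP wrote the upload to.
 */
function safe_gallery_name(string $clientName, string $tmpPath): ?string
{
    // Only the final extension counts, so "x.jpg.php" is treated as php.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        return null;
    }
    // Defense in depth: sniff the content instead of trusting the
    // client-supplied Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    // Never reuse the client's name: the stored file gets a random name
    // and can only ever carry an allowlisted image extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input so the check can be run from the CLI.
if (PHP_SAPI === 'cli') {
    $gif = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;"); // minimal GIF header
    $php = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($php, '<?php echo "constructed test file";');

    var_dump(safe_gallery_name('photo.gif', $gif) !== null); // case: valid image
    var_dump(safe_gallery_name('page.php', $php));           // case: script extension
    var_dump(safe_gallery_name('page.gif', $php));           // case: script content, image extension
    unlink($gif);
    unlink($php);
}
```

In a request handler the two arguments come from the upload's name and tmp_name entries in $_FILES, and the returned name is the destination passed to move_uploaded_file(). Serving media/uploads with script execution disabled covers any file that still slips through.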