Digi Online Examination System 2.0 – Unrestricted Arbitrary File Upload

Exploit Database
84 阅读

作者： Halil Dalabasmaz

日期： 2014-11-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35223/

# Exploit Title:Digi Online Examination System Unrestricted File Upload Vulnerability
# Date: 12-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v2.0
# Software Link: http://codecanyon.net/item/digi-online-examination-system-does/8610180
# Software Test Link: http://s1.digitalvidhya.com/doesv2/

# Vulnerabilities Description:

===Unrestricted File Upload===
You can upload your shell from "Photo" section while register the system. And then chekc your shell from here; http://example.com/assets/uploads/images/shellname.php

=Solution=
Filter the files aganist to attacks.

last Exploits
Digi Online Examination System 2.0 – Unrestricted Arbitrary File Upload的更多信息

BoutikOne – ‘rss_news.php?lang’ SQL Injection：
WordPress Plugin Popup Maker 1.16.5 – Stored Cross-Site Scripting (Authenticated)：
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Command Injection (Authenticated)：
GeoVision (GeoHttpServer) Webcams – Remote File Disclosure：
Library CMS Powerful Book Management System 2.2.0 – Session Fixation：
Chamillo LMS 1.11.8 – Arbitrary File Upload：
Ampache 3.5.4 – ‘login.php’ Cross-Site Scripting：
GoAutoDial CE 2.0 – Arbitrary File Upload：