Vendor: Alumni Management System
By: Aakash Madaan
CVSS: 9.8 (HIGH)
CWE: 434 (Unrestricted File Upload)
Product Name: Alumni Management System
Affected Version From: Version 1
Affected Version To: Version 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Parrot OS
2020

Alumni Management System 1.0 – Unrestricted File Upload To RCE

An Unrestricted File Upload vulnerability in Alumni Management System 1.0 allows an attacker to upload a malicious PHP webshell to the server. Because the upload directory ‘/admin/assets/uploads/’ is served by the web server, the attacker can then request the uploaded file and execute arbitrary code on the server.

Mitigation:

Ensure that the application validates the file type before storing an uploaded file on the server. Also, ensure that nothing placed in the upload directory can be executed as code by the web server.
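The following is an added example of both mitigations, not code from the Alumni Management System project: an image upload handler that checks content rather than the client-supplied name, picks a server-chosen filename and extension, and is paired with a directory rule that disables PHP execution under the upload path. The field name `img`, the `UPLOAD_DIR` path and the `.htaccess` placement are assumptions.

```php
<?php
// Added example (not the project's own code). Hardened replacement for an
// image upload such as the System Settings form. Assumes the form field is
// "img" and that files are stored under /admin/assets/uploads/ as on the page.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/assets/uploads/';   // assumption: script lives in /admin
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES  = 2 * 1024 * 1024;

function store_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload rejected');
    }
    // Decide by the bytes on disk, never by $file['name'] or $file['type'],
    // both of which the client controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // Server-chosen name and extension: a "shell.php" or "shell.php.jpg"
    // filename from the request can never reach the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not save file');
    }
    chmod($dest, 0644);   // readable, never executable
    return $name;         // store this name in the settings table
}

// In the settings handler (usage): $saved = store_image($_FILES['img'] ?? []);
//
// Defence in depth: a valid image can still carry PHP in its metadata, so the
// web server must not execute anything under the upload directory. Apache
// .htaccess placed in assets/uploads/ (assumption: AllowOverride permits it):
//   php_flag engine off
//   <FilesMatch "\.(php|phtml|phar|php[0-9])$">
//       Require all denied
//   </FilesMatch>
```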

Exploit-DB raw data:

# Exploit Title: Alumni Management System 1.0 - Unrestricted File Upload To RCE
# Exploit Author: Aakash Madaan
# Date: 2020-12-17
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
# Affected Version: Version 1
# Tested on: Parrot OS

Step 1. Login to the application with admin credentials

Step 2. Click on "System Settings" page.

Step 3. At the image upload field, browse and select any PHP webshell. Click on "Upload" to upload the PHP webshell.

Step 4. Visit "http://localhost/admin/assets/uploads/" and select your uploaded PHP webshell.

Step 5. You should now have remote code execution.