Simple College Website 1.0 — Unauthenticated Arbitrary File Upload RCE

Photo by Florian Olivo on Unsplash

Root cause Analysis and Hacking

admin_class.php
manage_page.php
Burp Req/Res
Creating proof.php
session is set to null

PoC

Exploit

Remediation

  1. Authentication of requests made by the user.
  2. Checking for filename when creating it.
  3. Input sanitisation and validation.

Unlisted

--

--

What could be more fun than breaking stuffs!!!

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Gowthamaraj

Gowthamaraj

What could be more fun than breaking stuffs!!!