====================================================================================================================================
| # Title     : eClass LMS v6.2.0 shell upload Vulnerability                                                                       |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   |
| # Vendor    : https://codecanyon.net/item/eclass-learning-management-system/25613271                                             |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] TAIF learning script contain arbitrary file upload
[+] registered user can upload .php files in profile picture section without any security
[+] profile link : localhost/demo/public/profile/show/
[+] profile link : /demo/public/profile/show/
[+] edit profile photo and upload php files and inspect element your php direction
[+] uploaded file direction :local host /demo/public/images/user_img/16067501901.php <---- random id
[+] just right click the photo and use inspect element you will have your direction
Greetings to :==================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |
================================================================

File Tags

• ActiveX (933)
• Advisory (86,597)
• Arbitrary (17,025)
• BBS (2,859)
• Bypass (1,898)
• CGI (1,047)
• Code Execution (7,867)
• Conference (691)
• Cracker (844)
• CSRF (3,418)
• DoS (25,183)
• Encryption (2,389)
• Exploit (54,093)
• File Inclusion (4,271)
• File Upload (1,006)
• Firewall (822)
• Info Disclosure (2,910)
• Intrusion Detection (916)
• Java (3,155)
• JavaScript (907)
• Kernel (7,249)
• Local (14,833)
• Magazine (587)
• Overflow (13,203)
• Perl (1,435)
• PHP (5,253)
• Proof of Concept (2,399)
• Protocol (3,745)
• Python (1,651)
• Remote (31,809)
• Root (3,668)
• Rootkit (529)
• Ruby (640)
• Scanner (1,657)
• Security Tool (8,035)
• Shell (3,295)
• Shellcode (1,219)
• Sniffer (904)
• Spoof (2,291)
• SQL Injection (16,692)
• TCP (2,462)
• Trojan (690)
• UDP (919)
• Virus (671)
• Vulnerability (33,046)
• Web (10,128)
• Whitepaper (3,782)
• x86 (969)
• XSS (18,277)
• Other

File Archives

• September 2024
• August 2024
• July 2024
• June 2024
• May 2024
• April 2024
• March 2024
• February 2024
• January 2024
• December 2023
• November 2023
• October 2023
• Older

Systems

• AIX (429)
• Apple (2,104)
• BSD (378)
• CentOS (61)
• Cisco (1,954)
• Debian (7,114)
• Fedora (1,693)
• FreeBSD (1,247)
• Gentoo (4,567)
• HPUX (880)
• iOS (387)
• iPhone (108)
• IRIX (220)
• Juniper (71)
• Linux (50,978)
• Mac OS X (696)
• Mandriva (3,105)
• NetBSD (256)
• OpenBSD (489)
• RedHat (16,661)
• Slackware (941)
• Solaris (1,614)
• SUSE (1,444)
• Ubuntu (9,794)
• UNIX (9,443)
• UnixWare (187)
• Windows (6,756)
• Other