====================================================================================================================================
| # Title     : TAIF LMS v5.8.0 shell upload Vulnerability                                                                         |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   |
| # Vendor    : http://lmsv3.mmgulf.com/public/                                                                                    |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] TAIF learning script contain arbitrary file upload
[+] registered user can upload .php files in profile picture section without any security
[+] profile link : localhost/demo/public/profile/show/
[+] profile link : /demo/public/profile/show/
[+] edit profile photo and upload php files and inspect element your php direction
[+] uploaded file direction :local host /demo/public/images/user_img/16067501901.php <---- random id
[+] just right click the photo and use inspect element you will have your direction
Greetings to :==================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |
================================================================

File Tags

• ActiveX (933)
• Advisory (86,109)
• Arbitrary (16,828)
• BBS (2,859)
• Bypass (1,853)
• CGI (1,033)
• Code Execution (7,779)
• Conference (691)
• Cracker (844)
• CSRF (3,380)
• DoS (24,997)
• Encryption (2,389)
• Exploit (53,065)
• File Inclusion (4,257)
• File Upload (989)
• Firewall (822)
• Info Disclosure (2,876)
• Intrusion Detection (914)
• Java (3,141)
• JavaScript (895)
• Kernel (7,167)
• Local (14,774)
• Magazine (586)
• Overflow (13,149)
• Perl (1,435)
• PHP (5,220)
• Proof of Concept (2,381)
• Protocol (3,723)
• Python (1,630)
• Remote (31,613)
• Root (3,625)
• Rootkit (525)
• Ruby (631)
• Scanner (1,657)
• Security Tool (8,022)
• Shell (3,271)
• Shellcode (1,217)
• Sniffer (902)
• Spoof (2,271)
• SQL Injection (16,588)
• TCP (2,440)
• Trojan (690)
• UDP (901)
• Virus (669)
• Vulnerability (32,900)
• Web (9,947)
• Whitepaper (3,781)
• x86 (967)
• XSS (18,236)
• Other

File Archives

• July 2024
• June 2024
• May 2024
• April 2024
• March 2024
• February 2024
• January 2024
• December 2023
• November 2023
• October 2023
• September 2023
• August 2023
• Older

Systems

• AIX (429)
• Apple (2,090)
• BSD (377)
• CentOS (58)
• Cisco (1,927)
• Debian (7,082)
• Fedora (1,693)
• FreeBSD (1,246)
• Gentoo (4,534)
• HPUX (880)
• iOS (376)
• iPhone (108)
• IRIX (220)
• Juniper (69)
• Linux (50,505)
• Mac OS X (691)
• Mandriva (3,105)
• NetBSD (256)
• OpenBSD (489)
• RedHat (16,383)
• Slackware (941)
• Solaris (1,611)
• SUSE (1,444)
• Ubuntu (9,686)
• UNIX (9,430)
• UnixWare (187)
• Windows (6,667)
• Other