<pre><code>====================================================================================================================================<br />| # Title : TAIF LMS v5.8.0 shell upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Fr (Pro) / browser : Mozilla Firefox 125.0.1 (64 bits) |<br />| # Vendor : http://lmsv3.mmgulf.com/public/ |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The TAIF learning script contains an arbitrary file upload.<br /><br />[+] A registered user can upload .php files in the profile picture section without any security checks.<br /><br />[+] profile link : localhost/demo/public/profile/show/<br /><br />[+] profile link : /demo/public/profile/show/<br /><br />[+] Edit the profile photo, upload a PHP file, and use inspect element to find the location of the uploaded file.<br /><br />[+] uploaded file location : localhost/demo/public/images/user_img/16067501901.php <---- random id<br /><br />[+] Just right-click the photo and use inspect element to get its location.<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>