| Title | Monitorr Monitorr 1.0 upload file lead to Remote code execution in monitorr |
|---|
| Description | Description
The code is vulnerable to uploading malicious files like PHP files and leads to Remote Code Execution also it can upload the PHP file without needing to be login
Steps to the procedure
1- intercept the request for uploading images
2- edit the extension of the file to `file.php`
3- inject the PHP code inside the body of the image
4- access the path of the shell you upload and execute a command on the server
at all this procedure can be done without no need for a session of the user
|
|---|
| Source | ⚠️ https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing |
|---|
| User | torada (ID 61170) |
|---|
| Submission | 2024-01-09 18:11 (5 months ago) |
|---|
| Moderation | 2024-01-19 07:51 (10 days later) |
|---|
| Status | Aceptado |
|---|
| VulDB Entry | 251539 |
|---|