Authored by Sohel Yousef

eClass LMS version 2.6 suffers from a remote shell upload vulnerability.

<--

# Exploit Title: eClass - Learning Management System Arbitrary File Upload
# Google Dork: N/A
# Date: 30/11/2020
# Exploit Author: Sohel Yousef - [email protected]
# Software Link: https://mediacity.co.in/eclass
# Software Link 2: https://codecanyon.net/item/eclass-learning-management-system/25613271
# Software Demo: https://mediacity.co.in/eclass/demo/public/
# Version: ( Version 2.6 )
# Category: webapps

1. Description

The eClass learning script contains an arbitrary file upload vulnerability.
A registered user can upload .php files in the profile picture section
without any security checks.

Profile link:

localhost/eclass/demo/public/profile/show/

Edit the profile photo, upload a PHP file, then use Inspect Element to find
the path of the uploaded PHP file.

Uploaded file path:

localhost/eclass/demo/public/images/user_img/16067501901.php <---- random id

Just right-click the photo and use Inspect Element to see the path.
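
Added example (not part of the original advisory and not eClass code): a Python audit of an upload directory such as images/user_img, flagging stored files that are not images. The allowed image types and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading magic bytes for the image types a profile photo may legitimately be
# (assumed allow-list; adjust to what the application is meant to accept).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def audit_file(path):
    """Return the reasons a stored upload is suspicious (empty list if clean)."""
    reasons = []
    ext = path.suffix.lower()
    data = path.read_bytes()
    if ext not in MAGIC:
        reasons.append(f"extension {ext or '(none)'} is not an allowed image type")
    elif not data.startswith(MAGIC[ext]):
        reasons.append("content does not match the image extension")
    if b"<?php" in data.lower():
        reasons.append("contains a PHP open tag")
    return reasons

def audit_dir(upload_dir):
    """Map each suspicious file (path relative to upload_dir) to its reasons."""
    root = Path(upload_dir)
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = audit_file(p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Run the audit over a constructed directory standing in for images/user_img."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed samples: a PNG header, a script named as in the advisory,
        # and a text file renamed to .jpg.
        (root / "1606750000.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        (root / "16067501901.php").write_bytes(b"<?php /* constructed placeholder */ ?>")
        (root / "1606750002.jpg").write_bytes(b"plain text, not a JPEG")
        return audit_dir(root)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {'; '.join(reasons)}")
```

Point audit_dir() at the real upload directory on the server; any finding there means the upload handler accepted something other than an image.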

#####

-->