Authored by a-rey

Patient Appointment Scheduler System version 1.0 suffers from a remote shell upload vulnerability.

# Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE)
# Date: 03/09/2021
# Exploit Author: a-rey
# Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14928
# Version: v1.0
# Tested on: Ubuntu 20.04.3 LTS (Focal Fossa) with XAMPP 8.0.10-0
# Exploit Write-Up: https://github.com/a-rey/exploits/blob/main/writeups/Patient_Appointment_Scheduler_System/v1.0/writeup.md

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import os
import time
import logging
import requests
import argparse

BANNER = """
╔═════════════════════════════════════════════════════════════════════════════════════════════════╗
║ Patient Appointment Scheduler System v1.0 - Unauthenticated File Upload & Remote Code Execution ║
╚═════════════════════════════════════════════════════════════════════════════════════════════════╝
by: