Menu

Unauthenticated Code Execution on EDU websites

July 31, 2018 - Bugs

An Unauthenticated Shell Upload Vulnerability has been found on the vendor NextBarisal major clients are schools and other institution

# Use the dorks to find targets example: http://gournadigirlssc.edu.bd
# Go to dashboard and find media.php and upload your shell
# POC
http://gournadigirlssc.edu.bd/mrrobot.html
http://shalukasschool.edu.bd/mrrobot.html

Leave a Reply

Your email address will not be published. Required fields are marked *