This is a writeup describing an arbitrary file upload vulnerability in Best Top List by Szymon Kosok v. 2.11. The exploit allows an attacker to upload a malicious shell via banner-upload.php and access it at a predictable path.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Best Top List by Szymon Kosok v. 2.11
No auth needed
Prerequisites:access to the banner-upload.php endpoint