This exploit demonstrates a file upload restriction bypass in Job Portal 1.0, allowing authenticated users to upload a malicious PHP file disguised as an image, leading to remote code execution (RCE). The PoC includes a crafted HTTP request that bypasses server-side validation by manipulating the filename parameter while retaining the image content type.
Classification
Working Poc 95%
Target:
Job Portal 1.0
Auth required
Prerequisites:
Authenticated user access to the Job Portal application · Ability to intercept and modify HTTP requests (e.g., using Burp Suite or ZAP)