How I Hacked My College (PART 3)

Hello Everyone, this is my last part and the best one to get RCE ( Remote Code Execution). I am happy to change the mindset of my College to look into Security where the Education department doesn’t take cybersecurity seriously unless and until they are hit by Cyber Criminals.

All those who are reading this story, I request every one to take security as a major part in their life, think twice while giving your data to anyone no matter it's your college because sometimes your data is given to third parties to handle and if they don't take major steps to secure your data you will be hacked easily.

Remote Code Execution — Smart but not Enough

What is Remote Code Execution?

Remote Code Execution (RCE) One of the most dangerous types of computer vulnerabilities. It allows an attacker to remotely run malicious code within the target system on the local network or over the Internet. Physical access to the device is not required.

I started hunting for RCE so I thought of uploading PHP shell, I had found an upload picture functionality where we were supposed to upload our profile picture, without wasting any time I created my PHP shell. Now to check the flow of upload functionality I uploaded a normal picture and I got following request,

and my profile was uploaded successfully.

Now to check whether PHP is accepted or not I uploaded my backdoor PHP shell file,