EDB-ID: 51236
CVE: N/A
Author: LSCP Responsible Disclosure Lab
Type: Webapps
Platform: PHP
Date: 2023-04-05
Vulnerable App: PhotoShow 3.0

Exploit Details

Title: PhotoShow 3.0 - Remote Code Execution
Date: January 11, 2023
Author: LSCP Responsible Disclosure Lab
Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/
Vendor Homepage: https://github.com/thibaud-rohmer
Software Link: https://github.com/thibaud-rohmer/PhotoShow
Version: 3.0
Tested on: Ubuntu 20.04 LTS
Requirements: Credentials of a user with admin privileges

Key Insights

The vulnerability is a Remote Code Execution (RCE) in PhotoShow 3.0.
The exploit relies on how the application handles a specific parameter to inject and execute arbitrary code.
Triggering the RCE requires logging in as a legitimate user with admin privileges and uploading a malicious .mp4 file.
The exploit code shown demonstrates the steps for logging in, setting up the environment, and uploading the malicious file to the target system.