[] NeoSense
E X P L O I T S
title author type platform port cve id

Digi Online Examination System 2.0 - Unrestricted Arbitrary File Upload

Author: Halil Dalabasmaz
type: webapps
platform: php
port: 80.0
date_added: 2014-11-13 
date_updated: 2014-11-13 
verified: 1 
codes: OSVDB-114604;CVE-2014-8997 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title:  Digi Online Examination System Unrestricted File Upload Vulnerability
# Date: 12-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v2.0
# Software Link: http://codecanyon.net/item/digi-online-examination-system-does/8610180
# Software Test Link: http://s1.digitalvidhya.com/doesv2/

# Vulnerabilities Description:

===Unrestricted File Upload===
You can upload your shell from "Photo" section while register the system. And then chekc your shell from here; http://example.com/assets/uploads/images/shellname.php

=Solution=
Filter the files aganist to attacks.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.