Chamilo LMS Unauthenticated Big File Upload Allowing Remote Code Execution
This code was written for, and used on, the HackTheBox CTF PermX.
There is an unauthenticated file upload in the big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24. It lets us upload any file to the server, including a PHP reverse shell.
This script gets a reverse shell by creating the PHP shell file, uploading it to the server, and starting a netcat listener.
Usage: python exploit.py <LOCAL_IP_ADDRESS>
The PHP reverse shell code is taken from pentestmonkey: https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php
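
For defenders, the upload-then-execute sequence described above leaves a recognisable pattern in web server access logs. The following is an added example, not part of this repository's exploit code: it flags POSTs to the bigUpload.php endpoint and later PHP requests under the same directory from the same client. The log format (Combined Log Format), the sample lines, the extension list and all function names are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in this README; the directory prefix is derived from it.
ENDPOINT = "/main/inc/lib/javascript/bigupload/inc/bigUpload.php"
PREFIX = "/main/inc/lib/javascript/bigupload/"
PHP_EXTENSIONS = (".php", ".phtml", ".phar")  # assumed handler mappings

# Combined Log Format fields: client, timestamp, method, URL, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation addresses, made-up file names).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "POST /main/inc/lib/javascript/bigupload/inc/bigUpload.php HTTP/1.1" 200 41 "-" "python-requests/2.31"
203.0.113.9 - - [01/Jan/2025:10:00:06 +0000] "GET /main/inc/lib/javascript/bigupload/constructed/sample.php HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /main/inc/lib/javascript/bigupload/js/bigUpload.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def find_suspicious(log_text):
    """Flag POSTs to the upload endpoint, and later requests by the same
    client for PHP files elsewhere under the bigupload directory."""
    uploaders = set()
    alerts = []
    for raw in log_text.splitlines():
        match = LINE.match(raw)
        if not match:
            continue
        client, when, method, url, status = match.groups()
        # Decode and normalise so encoded or doubled-slash variants compare equal.
        path = posixpath.normpath("/" + unquote(urlsplit(url).path).lstrip("/"))
        if method == "POST" and path == ENDPOINT:
            uploaders.add(client)
            alerts.append(("upload", client, when, path, status))
        elif (client in uploaders and path.startswith(PREFIX)
              and path != ENDPOINT and path.lower().endswith(PHP_EXTENSIONS)):
            alerts.append(("php-after-upload", client, when, path, status))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(*alert)
```

Matching on the client address is a simplification; behind a reverse proxy, key on the forwarded address the proxy logs instead.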