php-ocls Online Computer and Laptop Store 1.0 allows Unrestricted file upload and can lead to remote code execution. The vulnerability located in /classes/Users.php?f=save. The name of the uploaded file can be easily obtained through the timestamp.
- Send the request and note when it was sent.
- Calculate the timestamp.
import time
timeArray = time.strptime('2023-04-24 13:40:00', "%Y-%m-%d %H:%M:%S")
time_format= time.mktime(timeArray)
print(int(time_format))