PlaySMS 1.4 Remote Code Execution(POC)

Code Execution using $filename Now We know sendfromfile.php accept any file extension and just read content not stored in server. But there is bug when user upload example: mybackdoor.php server accept happily but not store in any folder so our shell is useless. But if User change the file name to "mybackdoor.php" to "you_php_payload.csv" den server check for file and set some perameter $filename="you_php_payload.csv" , U can see code below and display $filename on page.