Swamp 0.0.2 Remote File Inclusion

Swamp version 0.0.2 suffers from a remote file inclusion vulnerability.


MD5 | ed78debf59804ecb596f0281915cd00a

========================================================================
| # Title : Swamp v0.0.2 File inclusion vulnerability
| # Author : indoushka
| # email : [email protected]
| # Tested on : windows 10 FranASSais V.(Pro)
| # Version : v0.0.2
| # Vendor : https://github.com/wcchandler/swamp
| # Dork : n0
========================================================================

poc :

/swamp-master/frontend/index.php


line 13

$xmlstring = file_get_contents($conf);


http://127.0.0.1//swamp-master/frontend/?conf=Ev!l%00.jpg

Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz |
|
===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================

Related Posts