Archeevo 5.0 Local File Inclusion

Archeevo version 5.0 suffers from a local file inclusion vulnerability.

MD5 | d4916c25ed879d611b512e54a177db61

# Exploit Title: Archeevo 5.0 - Local File Inclusion
# Google Dork: intitle:"archeevo"
# Date: 01/15/2021
# Exploit Author: Miguel Santareno
# Vendor Homepage:
# Software Link:
# Version: < 5.0
# Tested on: windows

# 1. Description

Unauthenticated user can exploit LFI vulnerability in file parameter.

# 2. Proof of Concept (PoC)

Access a page that don’t exist like /test.aspx and then you will be redirected to

After that change the file /FileNotFoundPage.html to /web.config and you be able to see the
/web.config file of the application.

# 3. Research:

Related Posts