# CVE-2018-19246 PHP-Proxy 5.1.0本地文件包含漏洞
==POC==
# Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion # Date: 2018-11-13 # Exploit Author: Ameer Pornillos # Contact: https://ethicalhackers.club # Vendor Homepage: https://www.php-proxy.com/ # Software Link: https://www.php-proxy.com/download/php-proxy.zip # Version: 5.1.0 # Category: Webapps # Tested on: XAMPP on Win10_x64 # Description: Downloadable pre-installed version of PHP-Proxy 5.1.0 # make use of a default app_key wherein can be used for local file inclusion # attacks. This can be used to generate encrypted string which # can gain access to arbitrary local files in the server. # http://php-proxy-site/index.php?q=[encrypted_string_value] # CVE: CVE-2018-19246 # POC: # 1) # Generate encrypted string value using the PHP script below # 2) # Browse to URL # http://php-proxy-site/index.php?q=[encrypted_string_value] # to read local file
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容