| शीर्षक | oretnom23 Facebook News Feed Like using PHP/MySQL with Source Code v1.0 File upload bypass |
|---|
| विवरण | # Exploit Title: Facebook News Feed Like using PHP/MySQL with Source Code File upload bypass in create new post functionality.
# Exploit Author: Lakshaya Bawa
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description: A file upload bypass in create new post functionality.
Steps:
Step 1: Login into application.
Step 2: Go to create post and upload any exe or malicious file by renaming it to .png extension. It was observed that application did not block the upload of malicious files. |
|---|
| उपयोगकर्ता | thesorcererkingainz (UID 33807) |
|---|
| सबमिशन | 28/01/2024 03:57 PM (2 साल पहले) |
|---|
| संयम | 29/01/2024 02:31 PM (23 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 252300 [SourceCodester Facebook News Feed Like 1.0 Post अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|