提出 #274336: oretnom23 Facebook News Feed Like using PHP/MySQL with Source Code v1.0 File upload bypass情報

タイトルoretnom23 Facebook News Feed Like using PHP/MySQL with Source Code v1.0 File upload bypass
説明# Exploit Title: Facebook News Feed Like using PHP/MySQL with Source Code File upload bypass in create new post functionality. # Exploit Author: Lakshaya Bawa # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Software Link: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Version: v1.0 # Tested on: Windows 11, Apache Description: A file upload bypass in create new post functionality. Steps: Step 1: Login into application. Step 2: Go to create post and upload any exe or malicious file by renaming it to .png extension. It was observed that application did not block the upload of malicious files.
ユーザー
 thesorcererkingainz (UID 33807)
送信2024年01月28日 15:57 (2 年 ago)
モデレーション2024年01月29日 14:31 (23 hours later)
ステータス承諾済み
VulDBエントリ252300 [SourceCodester Facebook News Feed Like 1.0 Post 特権昇格]
ポイント17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!