提交 #274336: oretnom23 Facebook News Feed Like using PHP/MySQL with Source Code v1.0 File upload bypass信息

标题oretnom23 Facebook News Feed Like using PHP/MySQL with Source Code v1.0 File upload bypass
描述# Exploit Title: Facebook News Feed Like using PHP/MySQL with Source Code File upload bypass in create new post functionality. # Exploit Author: Lakshaya Bawa # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Software Link: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Version: v1.0 # Tested on: Windows 11, Apache Description: A file upload bypass in create new post functionality. Steps: Step 1: Login into application. Step 2: Go to create post and upload any exe or malicious file by renaming it to .png extension. It was observed that application did not block the upload of malicious files.
用户
 thesorcererkingainz (UID 33807)
提交2024-01-28 15時57分 (2 年前)
管理2024-01-29 14時31分 (23 hours later)
状态已接受
VulDB条目252300 [SourceCodester Facebook News Feed Like 1.0 Post 权限提升]
积分17

Do you know our Splunk app?

Download it now for free!