Exploits / Vulnerability Discovered : 2023-05-05 |
Type : webapps |
Platform : php
This exploit / vulnerability Kodexplorer v4.51.03 pwnedadmin fileinclusion remote code execution (rce) is for educational purposes only and if it is used you will do on your own risk!
## Description:
By using this vulnerability remotely, the malicious pwned_admin can
list and manipulate all files inside the server. This is an absolutely
DANGEROUS and STUPID decision from the application owner! In this
scenario, the attacker prepares the machine for exploitation and sends
a link for remote execution by using the CURL protocol to his
supporter - another attacker. Then and he waits for execution from his
colleague, to mask his action or even more worst than ever. What a
nice hack is this! :)