Open ghost opened 7 years ago
/remotedownload.php
$file = @file_get_contents($_POST['file']); $header = @get_headers($_POST['file'], 1); if ($file !== false && stripos($header[0], '200') !== false) {
Obviously, $_POST['file'] could be within intranet ip range, eg. file=http%3A%2F%2F192.168.1.1%2Fvulnerable-router.php, thus exposing a great attack surface.
/remotedownload.php
Obviously, $_POST['file'] could be within intranet ip range, eg. file=http%3A%2F%2F192.168.1.1%2Fvulnerable-router.php, thus exposing a great attack surface.