==================================================================================================================================== | # Title : ERPGo SaaS CRM v3.3 Arbitrary File Upload Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) | | # Vendor : https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 | | # Dork : "ERPGo SaaS" login | "All In One Business ERP With Project, Account, HRM, CRM" | “Attention is the new currency” The more effortless the writing looks, the more effort the writer actually put into the process. | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use Payload : https://erpgo.127.0.0.1/ERPGo/register <====| Register New account [+] Go to your membership profile and upload a malicious file instead of an image <===| https://erpgo.127.0.0.1/erpgo-saas/profile [+] Your Ev!l = https://erpgo.127.0.0.1/erpgo-saas/storage/uploads/avatar/zip_1671699428.php Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | | =======================================================================================================================================