May 2017 - Touhid's Blog

PlaySMS 1.4 Code Execution in sendfromfile.php

Post author:touhid
Post published:May 17, 2017
Post category:PoC
Post comments:2 Comments

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.…

Comments

Miro on Metasploitable3 Installing and Building (Step by Step)November 5, 2023
Hej bro, can you provide a link to get the OVA file, I run all the time into errors. I…
Matteo on Metasploitable3 Installing and Building (Step by Step)November 4, 2023
Hello, i would to tell the link for the .ova file is broken. Maybe you can update it.
Aki on Metasploitable3 Installing and Building (Step by Step)June 11, 2023
Hi, the link to Metaspoitable 3 isn't available ( OVA) could upload another link?
Keep your online assets safe with a solid understanding of DNS Records! As the b... - Bug Bounty Tips on Subdomain Takeover Explained with PracticalFebruary 13, 2023
[…] #DNSTechnologies is essential for #CyberSecurity professionals. For more on Subdomain Takeover touhidshaikh.com/blog/2019/01/s… #infosec #dnssecurity #bugbountytips Source by […]
Deidre on Pluck Walkthrough (VulnHub)May 14, 2021
Great post.