PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. Unrestricted File Upload: Any registered user can upload any file because of not proper Validation of file in sendfromfile. Code…
2 CommentsHello guys, In this article.I am going to solve Very interesting Vulnerable Machine aka VM which teach me lots of things. Download Link : https://download.vulnhub.com/ewskuzzy/Ew_Skuzzy.ova.tgz Target IP : 192.168.56.101 Goal : Flag Level: Intermediate.Now lets start Information Gather Lets fire up Terminal and scan target using nmap nmap -p- -sV 192.168.56.101…
Leave a CommentHello Hackers. In this post I’ll show you some basic concepts of Remote File inclusion attack, know as RFI and talks about some RFI working and How to prevent those attacks from hackers or bad guys. What is RFI ? Remote file inclusion a.k.a RFI attack is a type of…
2 CommentsHello Hackers. Welcome to my another walkthrough. at this time we’ll look another VM, Pluck is a new VM in VulnHub and its very easy to hack. This Is very good for Newbie hackers for practice and explore their Hacking skills. We know Target IP : 10.0.0.15 (in my…
12 CommentsHello Hackers. Today we’ll walkthrough of PwnLAB. PwnLab is very interesting vulnerable vm for beginners hackers and pentester who refresh their skills. In this vm we face different types of web attacks and learn more as possible. Download Link : https://download.vulnhub.com/pwnlab/pwnlab_init.ova Goal : Flag: /root/flag.txt Difficulty: Low Now lets start Information Gather Step 1 :…
1 Comment