@campuscodi I looked at the PoC and have a few questions:
1. get_files() gets the files from the server without any cookies. I assume this is the path traversal. Is that right?
2. get_keys() uses an SQLi in the login to log in as admin (?) and then dumps the decryption keys. So is this a separate SQLi and a path traversal vulnerability used together to pwn the login page? Could you possibly get an RCE via SQLi in the login page?