$15,000 bounty: Remote Code Execution via File Upload Vulnerability | POC | Bug Bounty 2023
27,597
Published 2023-07-01
CVE-2023-3491
#BugBounty #EthicalHacking #penetrationtesting #RemoteCodeExecution #FileUploadVulnerability #WebSecurity #Cybersecurity #POC #VulnerabilityResearch #ServerSideInjection #HackerCommunity #BugHunting #SecurityFlaw #Exploit #WebApplicationSecurity #CyberAwareness
All Comments (21)
-
That's a great find. Now I will be extra suspicious whenever I see a multipart form.
-
crazy job!
-
Awesome! Wouldn't have thought to try that, great find!
-
With cracked Burp Suite xD nice job!
-
That's amazing 😍
-
Nais <3
-
awesome
-
this is a mad one
-
Where did you learn to add data like this? Is there a video covering this for me to learn from?
-
Hi, is there a bug bounty program for FOSSBilling, or does the target use it on their domains?
-
Just tell me why you enter /assets
-
How do you know it is stored in the asset directory? If it's not available for local environment testing, how do you know that?
-
Where can I contact you to get the payload file, please? Very good job bro!!!!!!
-
Brother, can you suggest how you know the uploaded file path??
-
Does this work on FOSSBilling or elsewhere also?
-
Brother, how did you find out where the path of the file is, the one you created yourself and uploaded ....?
-
Why do you add the ------------------------------------611111191919101010 line again in the request before the PHP code? Explain to me bro, and how did you get the exact path themes/huraga/assets?
-
How did you connect it with Docker?
-
nice find
-
How to find where the file has gone after upload?