PlaySMS sendfromfile.php Code Execution
Posted by deepcore on May 8, 2018 – 10:40 am
This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub’s Dina 1.0 machine and Windows 7.
Post a reply
You must be logged in to post a comment.