| # Title : ERPGo SaaS CRM v3.3 Arbitrary File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) |
| # Vendor : https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 |
| # Dork : "ERPGo SaaS" login |
"All In One Business ERP With Project, Account, HRM, CRM" |
“Attention is the new currency” The more effortless the writing looks, the more effort the writer actually put into the process. |
====================================================================================================================================
poc :
[+] Dorking Ä°n Google Or Other Search Enggine.
[+] Use Payload : https://erpgo.127.0.0.1/ERPGo/register <====| Register New account
[+] Go to your membership profile and upload a malicious file instead of an image <===| https://erpgo.127.0.0.1/erpgo-saas/profile
[+] Your Ev!l = https://erpgo.127.0.0.1/erpgo-saas/storage/uploads/avatar/zip_1671699428.php
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |
|
=======================================================================================================================================