Published: 13/11/2018 Updated: 13/12/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 506

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

PHP-Proxy 5.1.0 allows remote malicious users to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php-proxy php-proxy 5.1.0

# Exploit Title: PHP-Proxy 510 - Local File Inclusion # Date: 2018-11-13 # Exploit Author: Ameer Pornillos # Contact: ethicalhackersclub # Vendor Homepage: wwwphp-proxycom/ # Software Link: wwwphp-proxycom/download/php-proxyzip # Version: 510 # Category: Webapps # Tested on: XAMPP on Win10_x64 # Description: Downlo ...

PHP-Proxy version 510 suffers from a local file inclusion vulnerability ...

A web app to edit and simulate hack of websites.

Français : Hacklol Modifier est une application disponible sur navigateur web qui permet de modifier des sites Internet, en simulant un hack de celui-ci Elle dispose de nombreux outils, comme la possibilité de modifier les textes d'une page, de dessiner dessus, de la faire exploser, et bien plus L'application est disponible en français et en ang

CVE-2018-19246 Proof of Concept Usage docker build -t lucas/cve-2018-19246:010 docker run --rm -it -p 80:80 lucas/cve-2018-19246:010 python2 Pocsuite-208/pocsuitepy -u 1721701 -r PoCpy

CWE-200 https://github.com/Athlon1600/php-proxy-app/issues/134 https://www.exploit-db.com/exploits/45861/https://nvd.nist.gov https://www.exploit-db.com/exploits/45861/https://github.com/Eliastik/hacklol-modifier

CVE-2018-19246

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect