exploitdb
WRITEUP
VERIFIED
by KorsaN · textwebappsphp
https://www.exploit-db.com/exploits/28800
The provided text describes a remote file inclusion vulnerability in Bloq version 0.5.4, where insufficient sanitization of user-supplied data in the 'page[path]' parameter allows remote code execution. The example URL demonstrates how an attacker could exploit this by including a malicious file.
Classification
Writeup 80%
Target:
Bloq 0.5.4
No auth needed
Prerequisites:
Network access to the target application · Ability to host a malicious file on a remote server
exploitdb
WRITEUP
VERIFIED
by KorsaN · textwebappsphp
https://www.exploit-db.com/exploits/28799
The code describes a remote file inclusion vulnerability in Bloq version 0.5.4, where insufficient sanitization of user-supplied data allows an attacker to include remote files via the 'page[path]' parameter in rss.php. This could lead to remote code execution if the attacker controls the included file.
Classification
Writeup 80%
Target:
Bloq 0.5.4
No auth needed
Prerequisites:
Remote file inclusion must be enabled on the server · Attacker must be able to host a malicious file on a remote server
exploitdb
WRITEUP
VERIFIED
by KorsaN · textwebappsphp
https://www.exploit-db.com/exploits/28801
The provided text describes a remote file inclusion vulnerability in Bloq version 0.5.4, where insufficient sanitization of user-supplied data in the 'page[path]' parameter allows remote code execution. The example URL demonstrates how an attacker could include a remote file with arbitrary commands.
Classification
Writeup 80%
Target:
Bloq 0.5.4
No auth needed
Prerequisites:
Network access to the target application · Remote file hosting capability
exploitdb
WRITEUP
VERIFIED
by KorsaN · textwebappsphp
https://www.exploit-db.com/exploits/28797
The provided text describes a remote file inclusion vulnerability in Bloq 0.5.4, where unsanitized user input in the 'page[path]' parameter allows arbitrary file inclusion. The example URL demonstrates how an attacker could execute commands via a remote file.
Classification
Writeup 80%
Target:
Bloq 0.5.4
No auth needed
Prerequisites:
Network access to the target application · Ability to host a malicious file on a remote server
exploitdb
WORKING POC
VERIFIED
by KorsaN · textwebappsphp
https://www.exploit-db.com/exploits/28798
This exploit demonstrates a remote file inclusion vulnerability in Bloq 0.5.4 by injecting a malicious URL into the 'page[path]' parameter, allowing arbitrary command execution via a remote file.
Classification
Working Poc 90%
Target:
Bloq 0.5.4
No auth needed
Prerequisites:
Remote file hosting with malicious payload · Network access to the target application
exploitdb
WRITEUP
VERIFIED
by KorsaN · textwebappsphp
https://www.exploit-db.com/exploits/28802
The code describes a remote file inclusion vulnerability in Bloq 0.5.4 due to insufficient sanitization of user-supplied data in the 'page[path]' parameter. An attacker can exploit this to include remote files and execute arbitrary commands.
Classification
Writeup 80%
Target:
Bloq 0.5.4
No auth needed
Prerequisites:
Access to the vulnerable endpoint · Remote file hosting capability