The exploit demonstrates a Remote File Inclusion (RFI) vulnerability in asaher pro 1.0, in which malicious input is injected into the 'row_y5_site_configuration[templates_folder]' parameter across multiple endpoints. The PoC provides specific URLs that exercise the vulnerability, which allows remote code execution through the inclusion of arbitrary files.
Classification
Working PoC 90%
Target:
asaher pro 1.0
No auth needed
Prerequisites:
Network access to the target application · Ability to send crafted HTTP requests