This exploit demonstrates a PHP code injection and stored XSS vulnerability in BanManager WebUI 1.5.8. The vulnerability allows an attacker to inject arbitrary PHP code into the 'settings.php' file via unvalidated input parameters such as 'footer', 'buttons_before', and 'buttons_after'.
Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: BanManager WebUI 1.5.8
Auth required
Prerequisites: Access to the admin panel · Valid authentication credentials