This exploit demonstrates an authenticated arbitrary PHP code execution vulnerability in Croogo 2.0.0 by uploading a malicious PHP file through the file manager functionality. It includes authentication handling, CSRF token retrieval, and file upload via multipart/form-data.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:Croogo 2.0.0
Auth required
Prerequisites:Valid credentials for Croogo admin panel · Network access to the target