This exploit targets a Remote File Include (RFI) vulnerability in gpEasy <= 1.5RC3 by manipulating the 'rootDir' parameter in admin_password.php to include a remote shell. The PoC demonstrates how an attacker can execute arbitrary code by injecting a malicious URL.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:gpEasy <= 1.5RC3
No auth needed
Prerequisites:Remote shell accessible via URL · Target server with allow_url_include enabled