
47 matches found

GitLab Advisory Database
added 2018/12/01 12:0 a.m., 16 views

Inadequate Encryption Strength

The str_rot_pass function in PHP-Proxy uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...

CVSS 7.5 | AI score 4 | EPSS 0.0016
Exploits: 1 | References: 1 | Affected Software: 1

GitLab Advisory Database
added 2018/12/01 12:0 a.m., 19 views

Cross-site Scripting

PHP-Proxy has Cross-Site Scripting (XSS) via the URL field in index.php...

CVSS 6.1 | AI score 2.4 | EPSS 0.0024
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/12/01 12:0 a.m., 11 views

CVE-2018-19785

PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php...

AI score 6 | EPSS 0.0024
Exploits: 1 | References: 2

CVE
added 2018/12/01 12:0 a.m., 38 views

CVE-2018-19784

The CVE-2018-19784 entry concerns PHP-Proxy 5.1.0, where the str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php uses weak cryptography. This weak crypto can allow an attacker to compute the authorization data needed for a local file inclusion (LFI). The issue is documented acros...

CVSS 7.5 | AI score 7.3 | EPSS 0.0016
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2018/11/23 2:24 a.m., 12 views

Local File Inclusion (LFI)

athlon1600/php-proxy-app is vulnerable to local file inclusion (LFI) attacks. The vulnerability exists due to the ability to include file:/// in the value of q, which allows unauthenticated users to read local files...

CVSS 7.5 | AI score 7.2 | EPSS 0.79968
Exploits: 5 | References: 2 | Affected Software: 1

OSV
added 2018/11/22 8:29 p.m., 1 views

CVE-2018-19458

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...

CVSS 7.5 | AI score 5.8 | EPSS 0.79968
Exploits: 5 | References: 2

Prion
added 2018/11/22 8:29 p.m., 13 views

Authentication flaw

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...

CVSS 5 | AI score 7.5 | EPSS 0.79968
Exploits: 6 | References: 2 | Affected Software: 1

Cvelist
added 2018/11/22 8:0 p.m., 15 views

CVE-2018-19458

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...

AI score 7.5 | EPSS 0.79968
Exploits: 5 | References: 2

CVE
added 2018/11/22 8:0 p.m., 64 views

CVE-2018-19458

PHP Proxy 3.0.3 is vulnerable to Local File Inclusion via index.php?q=file:///, allowing unauthenticated reading of server files (CVE-2018-19458). The Nuclei template confirms LFI in PHP Proxy 3.0.3 and cites unauthenticated access. Impact as described: read arbitrary files on the server; exploit...

CVSS 7.5 | AI score 7.4 | EPSS 0.79968
Exploits: 5 | References: 2 | Affected Software: 1

GitLab Advisory Database
added 2018/11/22 12:0 a.m., 15 views

Improper Authentication

In PHP Proxy, any user can read files from the server without authentication...

CVSS 7.5 | AI score 3.2 | EPSS 0.79968
Exploits: 5 | References: 2 | Affected Software: 1

0day.today
added 2018/11/16 12:0 a.m., 281 views

PHP-Proxy 5.1.0 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1...

EPSS 0.45963
Exploits: 5

exploitpack
added 2018/11/15 12:0 a.m., 22 views

PHP-Proxy 5.1.0 - Local File Inclusion

PHP-Proxy 5.1.0 - Local File Inclusion Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version:...

CVSS 5 | AI score 7.5 | EPSS 0.45963
Exploits: 5

Exploit DB
added 2018/11/15 12:0 a.m., 27 views

PHP-Proxy 5.1.0 - Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...

CVSS 7.5 | AI score 7.5 | EPSS 0.45963
Exploits: 5

Packet Storm
added 2018/11/15 12:0 a.m., 366 views

PHP-Proxy 5.1.0 Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...

AI score 7.5 | EPSS 0.45963
Exploits: 5

NVD
added 2018/11/13 9:29 a.m., 12 views

CVE-2018-19246

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value ca...

CVSS 7.5 | AI score 7.4 | EPSS 0.45963
Exploits: 5 | References: 2

OSV
added 2018/11/13 9:29 a.m., 0 views

CVE-2018-19246

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value ca...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2

Prion
added 2018/11/13 9:29 a.m., 15 views

Authorization

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value ca...

CVSS 5 | AI score 7.3 | EPSS 0.45963
Exploits: 5 | References: 2 | Affected Software: 1

CVE
added 2018/11/13 7:0 a.m., 81 views

CVE-2018-19246

PHP-Proxy 5.1.0 is vulnerable to Local File Inclusion due to the default pre-installed version containing a fixed app_key in the config.php, enabling an attacker to craft an encrypted string and access local files via index.php?q=… (LFI). This vulnerability is documented as CVE-2018-19246 and is ...

CVSS 7.5 | AI score 7.2 | EPSS 0.45963
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2018/11/13 7:0 a.m., 16 views

CVE-2018-19246

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value ca...

AI score 7.3 | EPSS 0.45963
Exploits: 5 | References: 2

GitLab Advisory Database
added 2018/11/13 12:0 a.m., 28 views

Information Exposure

PHP-Proxy allows remote attackers to read local files if the default pre-installed version intended for users who lack shell access to their web server is used. This occurs because the app_key value from the default config.php is in place, and this value can be easily used to calculate the...

CVSS 7.5 | AI score 4.3 | EPSS 0.45963
Exploits: 5 | References: 2 | Affected Software: 1