Headline
ERPGo SaaS CRM 3.3 Arbitrary File Upload
ERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.
====================================================================================================================================| # Title : ERPGo SaaS CRM v3.3 Arbitrary File Upload Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) | | # Vendor : https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 | | # Dork : "ERPGo SaaS" login | "All In One Business ERP With Project, Account, HRM, CRM" |“Attention is the new currency” The more effortless the writing looks, the more effort the writer actually put into the process. |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : https://erpgo.127.0.0.1/ERPGo/register <====| Register New account [+] Go to your membership profile and upload a malicious file instead of an image <===| https://erpgo.127.0.0.1/erpgo-saas/profile[+] Your Ev!l = https://erpgo.127.0.0.1/erpgo-saas/storage/uploads/avatar/zip_1671699428.phpGreetings to :========================================================================================================================= |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | |=======================================================================================================================================