tinyfilemanager

vulnerability ssrf
severity 7.1
language php
registry other

✍️ Description

Server-side request forgery (SSRF) that allows access to an internal server.

🕵️‍♂️ Proof of Concept

  1. Go to http://localhost/tinyfilemanager/index.php?p=&upload, enter an internal server address, and observe that the application fetches that file.

Video PoC: https://drive.google.com/file/d/1dsTqvuQbGN619Gdncze4tuIH7MsonliT/view?usp=sharing

💥 Impact

SSRF allowing access to the internal network.
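One way to close this class of bug is to validate the destination before the server fetches a user-supplied URL. The following is an added example, not tinyfilemanager's own code or its actual fix; the function names `is_public_ip` and `check_upload_url`, the injectable resolver and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added example: pre-fetch check for an upload-from-URL feature (hypothetical names).

/** True only for addresses outside private, loopback, link-local and reserved ranges. */
function is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

/**
 * Returns [host, ip] to pin the outgoing connection to, or null to reject the URL.
 * $resolver is injectable so the check runs offline; the default, gethostbynamel(),
 * only returns IPv4 records.
 */
function check_upload_url(string $url, ?callable $resolver = null): ?array
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    // Only web schemes: rejects file://, gopher://, ftp:// and similar.
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;
    }
    $host = trim($parts['host'], '[]');            // parse_url keeps IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];                            // literal address, no DNS lookup
    } else {
        $resolver = $resolver ?? 'gethostbynamel';
        $ips = $resolver($host) ?: [];             // false on lookup failure
    }
    // Reject if the name does not resolve or ANY returned address is internal.
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return null;
        }
    }
    return $ips === [] ? null : [$host, $ips[0]];
}

// Constructed sample data: a fake DNS table and URLs, so the demo needs no network.
$dns = fn(string $h) => ['files.example' => ['93.184.216.34'],
                         'intranet.example' => ['10.0.0.5']][$h] ?? false;
foreach (['https://files.example/a.zip', 'http://intranet.example/admin',
          'http://127.0.0.1/server-status', 'http://169.254.169.254/latest/',
          'http://[::1]/', 'file:///etc/passwd'] as $url) {
    printf("%-36s %s\n", $url, check_upload_url($url, $dns) ? 'allow' : 'reject');
}
```

The fetch itself should connect to the address that was checked (for example with cURL's `CURLOPT_RESOLVE`) and leave `CURLOPT_FOLLOWLOCATION` disabled, otherwise a second DNS answer or a redirect can still point the request at an internal host.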