like i got this page
1 Like
Umm, If I were you I search Page’s IP first.
If Criminal IP scan successful, you get banner data.
This case(picture 1) PHP version 5.1.2 has vulnerability such as CVE-2019-9638, CVE-2019-9637 etc
You can used these CVE to attack . or use to know’wow my page is so vulnerable’
Also you can get exploit code click to exploit search(picture 2). However if no edb content about these CVE, You can’t get more info from exploit search.
https://www.criminalip.io/asset/report?query=65.0.106.133
2 Likes
Thanks for reply, i try for directory bruteforce it , got image and phpmyadmin page.
Phpmyadmin is lock with password so i try to phpmyadmin/setup , got into the page of setup sucessful.
Should I try LFI ?
1 Like
If it’s a test environment, go ahead.
1 Like