How can i exploit more if i get php INFO page

image

like i got this page

1 Like

Umm, If I were you I search Page’s IP first.

If Criminal IP scan successful, you get banner data.

This case(picture 1) PHP version 5.1.2 has vulnerability such as CVE-2019-9638, CVE-2019-9637 etc

You can used these CVE to attack . or use to know’wow my page is so vulnerable’

Also you can get exploit code click to exploit search(picture 2). However if no edb content about these CVE, You can’t get more info from exploit search.

https://www.criminalip.io/asset/report?query=65.0.106.133

image

image

2 Likes

Thanks for reply, i try for directory bruteforce it , got image and phpmyadmin page.

Phpmyadmin is lock with password so i try to phpmyadmin/setup , got into the page of setup sucessful.

Should I try LFI ?

1 Like

If it’s a test environment, go ahead.

1 Like