Authored by indoushka

ERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.

====================================================================================================================================
| # Title : ERPGo SaaS CRM v3.3 Arbitrary File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) |
| # Vendor : https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 |
| # Dork : "ERPGo SaaS" login |
"All In One Business ERP With Project, Account, HRM, CRM" |
“Attention is the new currency” The more effortless the writing looks, the more effort the writer actually put into the process. |
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] Use Payload : https://erpgo.127.0.0.1/ERPGo/register <====| Register New account

[+] Go to your membership profile and upload a malicious file instead of an image <===| https://erpgo.127.0.0.1/erpgo-saas/profile

[+] Your Ev!l = https://erpgo.127.0.0.1/erpgo-saas/storage/uploads/avatar/zip_1671699428.php

Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |
|
=======================================================================================================================================