Full title: Jorani Remote Code Execution Exploit 
Category: remote exploits
Platform: php
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.

# 0day.today @ http://0day.today/