Pwning rConfig part II

Pwning rConfig: part two

Hello everyone, remember the post about rConfig? Well, apart from all those vulnerabilities I found 3 authenticated RCEs along with 2 authentication bypasses (one of those leveraging an information disclosure). It is also worth saying that many of the previous known vulnerabilities (with CVE assigned and everything) were still present in the version 3.9.5 (which was the one I tested), so there are more ways to RCE ;) The technical details are better explained here:

Have a good day :)