This paper focuses on manual exploitation of ES File explorer vulnerability which works on version v4.1.9.7.4. It allows the attackers on the same network to execute applications, read files and sensitive personal data.

Key Pointers:

  • Covering some important keywords used throughout the paper
  • Mapping the affected and unaffected versions of the ES FileExplorer
  • Setting up the virtual environment to demonstrate the exploitation process
  • Covering the mitigations for this vulnerability