packetstorm | Nu11secur1ty | PACKETSTORM:174489
Sep 05, 2023 - 12:00 a.m.

WEBIGniter 28.7.23 Shell Upload

## Title: WEBIGniter-28.7.23 File Upload - RCE  
## Author: nu11secur1ty  
## Date: 09/04/2023  
## Vendor: https://webigniter.net/  
## Software: https://webigniter.net/demo  
## Reference: https://portswigger.net/web-security/file-upload  
  
  
## Description:  
The media function suffers from a file upload vulnerability.  
An attacker who holds any previously created account on this system can  
upload very dangerous PHP files and execute them remotely.  
The attacker can then carry out very malicious actions on the server that hosts this application.  
  
## Status: HIGH-CRITICAL Vulnerability  
  
[+] Simple Exploit:  
```php
<?php
phpinfo();
?>
```
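
A server-side upload check that would reject the file above, shown as an added example (it is not WEBIGniter's code and not part of the advisory). The function name `validate_media_upload`, the allowlist, the size limit, the field name and the storage directory are all assumptions.

```php
<?php
// Added example: hypothetical hardened handler for a media upload field.
// The allowlist, size limit and storage directory are assumptions.

const ALLOWED_TYPES = [            // extension => expected MIME type
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];
const MAX_BYTES = 5 * 1024 * 1024;

function validate_media_upload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }

    // Decide on the final extension only: "name.jpg.php" is seen as php
    // and rejected because php is not in the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Check the content itself, not the client-supplied Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Server-generated name: nothing from the client reaches the stored path.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0640);
    return $target;
}

// Usage (hypothetical field name "media"; directory outside the web root):
// $path = validate_media_upload($_FILES['media'], '/var/app-data/media');
```

Keeping the storage directory outside the web root, or disabling script execution for it in the web server configuration, means that a file that slips past these checks is still served as data rather than run as PHP.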
  
## Reproduce:  
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-File-Upload-RCE  
  
## Proof and Exploit  
https://www.nu11secur1ty.com/2023/09/webigniter-28723-file-upload-rce.html  
  
## Time spent:  
00:15:00  
  
  