Live Zilla 7.x Remote File Upload Vulnerability

2018.06.16

IRANIAN ETHICAL HACKERS (DE)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intitle:"LiveZilla" inurl:/upload.php

[+] Exploit Title ; Live Zilla 7.x Remote File Upload Vulnerability
[+] Date : 2018-06-16
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : https://www.livezilla.net/
[+] Dork : intitle:"LiveZilla" inurl:/upload.php
[+] My Site : 0P3N3R.IR
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description :
[!] With This Vulnerability you can upload any files on server.
[+] Poc :
[!] Search dork on google and open sites
[!] Choose Your File And Click On The Upload Button
[!] Your file uploaded successfully .
[!] Your File Path : http://localhost/livezilla/uploads/yourfile.php
[+] Security Level :
[!] High
[+] Exploitation Technique:
[!] Remote
[+] Request Method :
[!] POST
[+] Vulnerability Files :
[!] Upload.php
[+] Target :
[!] http://zonglivechat.com/upload.php
[!] http://www.tfwarren.com/livezilla/upload.php
[!] http://springfieldloftapartments.com/livezilla/upload.php
[!] https://stampavisa.com/livezilla/upload.php
[+] Fix :
[!] Update Your Live Zilla Service. this vulnerability patched on 7.1.0.3 version.
[+] We Are : [+] 0P3N3R [+] Ebrahim_Vaker

See this note in RAW Version

Vote for this issue:

20%

80%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Live Zilla 7.x Remote File Upload Vulnerability

Dork: intitle:"LiveZilla" inurl:/upload.php

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.