WEBIGniter v28.7.23 File Upload – Remote Code Execution

  • Author: nu11secur1ty
    Date: 2023-10-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51736/
  • ## Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution
    ## Author: nu11secur1ty
    ## Date: 09/04/2023
    ## Vendor: https://webigniter.net/
    ## Software: https://webigniter.net/demo
    ## Reference: https://portswigger.net/web-security/file-upload
    
    
    ## Description:
    The media function suffers from a file upload vulnerability.
    An attacker using any account previously created on the system can
    upload very dangerous PHP files and execute them remotely.
    He can then take very malicious actions against the server hosting
    this application.
    
    ## Status: HIGH-CRITICAL Vulnerability
    
    [+]Simple Exploit:
    ```PHP
    <?php
    	phpinfo();
    ?>
    
    ```
    
    ## Reproduce:
    [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-File-Upload-RCE)
    
    ## Proof and Exploit
    [href](https://www.nu11secur1ty.com/2023/09/webigniter-28723-file-upload-rce.html)
    
    ## Time spent:
    00:15:00
    
    
    -- 
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at https://packetstormsecurity.com/
    https://cve.mitre.org/index.html
    https://cxsecurity.com/ and
    https://www.exploit-db.com/
    0day Exploit DataBase https://0day.today/
    home page: https://www.nu11secur1ty.com/
    nu11secur1ty <http://nu11secur1ty.com/>
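
A server-side check that would refuse the upload described in this advisory, as an added example that is not from the advisory or from WEBIGniter's code. `safe_media_name()`, the `ALLOWED_MEDIA` policy and the sample files are hypothetical and constructed, and PHP's bundled fileinfo extension is assumed.

```php
<?php
declare(strict_types=1);

// Assumed media policy: final extension => content types accepted for it.
const ALLOWED_MEDIA = [
    'jpg' => ['image/jpeg'],
    'png' => ['image/png'],
    'gif' => ['image/gif'],
    'pdf' => ['application/pdf'],
];

// Hypothetical helper: returns a server-generated storage name, or null to reject.
function safe_media_name(string $tmpPath, string $clientName): ?string
{
    // Only the final extension decides: "x.php.png" => png, "x.png.php" => php.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_MEDIA[$ext])) {
        return null;
    }
    // Sniff the bytes on disk; the client-supplied Content-Type is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_MEDIA[$ext], true)) {
        return null;
    }
    // Drop the client name: no path traversal, no attacker-chosen extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample uploads, written to temp files so the check runs offline.
$pngBytes = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00";
$phpBytes = "<?php\n\tphpinfo();\n?>\n";
$samples = [
    ['photo.png', $pngBytes],  // genuine image
    ['info.php',  $phpBytes],  // script with a script extension
    ['info.png',  $phpBytes],  // script renamed to look like an image
    ['photo.PHP', $pngBytes],  // image bytes, executable extension
];

foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $stored = safe_media_name($tmp, $name);
    printf("%-10s %s\n", $name, $stored === null ? 'rejected' : "stored as $stored");
    unlink($tmp);
}
```

Content sniffing alone does not stop a file that is both a valid image and valid PHP, so the stored file should also live outside the document root or in a directory where the PHP handler is disabled.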