Vendor: WEBIGniter
By: nu11secur1ty
CVSS: 9 (CRITICAL)
File Upload Remote Code Execution
Product Name: WEBIGniter
Affected Version From: WEBIGniter v28.7.23
Patch Exists: NO
Platforms Tested: None
Year: 2023

WEBIGniter v28.7.23 File Upload – Remote Code Execution

The media function in WEBIGniter v28.7.23 is vulnerable to unrestricted file upload, allowing an attacker to upload PHP files and execute them remotely. This can lead to malicious activity on the server.

Mitigation:

It is recommended to apply a patch or update to a version that fixes the file upload vulnerability. Additionally, implement proper input validation and file type checking on the server side to prevent unauthorized file uploads.
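A server-side upload check of the kind this mitigation calls for, as an added example that is not WEBIGniter's own code; the storage directory, the size limit, the allowlist and the form field name are assumptions:

```php
<?php
// Added illustrative example, not WEBIGniter code: a hardened media upload
// handler of the kind the mitigation above describes. The storage path,
// size limit and allowlist are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app/media_store';   // assumed: outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;
// Extension allowlist, each paired with the MIME type the file content must have.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];

/** Validates one $_FILES entry and stores it; returns the stored path or throws. */
function storeMediaUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error ' . ($file['error'] ?? 'unknown'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a PHP-managed upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Judge the last extension only, against an allowlist: "shell.php" and
    // "shell.phtml" are rejected outright, and the original name never reaches disk.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }
    // Inspect the content; $file['type'] is client-supplied and trivially forged.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }
    // Server-chosen random name: no user-controlled bytes in the final path.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $dest;
}
// Usage inside the media endpoint; the form field name "media" is assumed.
// $path = storeMediaUpload($_FILES['media']);
```

Serving stored files back through a handler that sets Content-Type itself, rather than from a directory where the web server executes scripts, is what turns the extension check into a second line of defence instead of the only one.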

Exploit-DB raw data:

## Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution
## Author: nu11secur1ty
## Date: 09/04/2023
## Vendor: https://webigniter.net/
## Software: https://webigniter.net/demo
## Reference: https://portswigger.net/web-security/file-upload


## Description:
The media function suffers from a file upload vulnerability.
The attacker can upload and remotely execute very dangerous PHP
files, by using any account created beforehand on this system.
Then he can do very malicious things with the server of this application.

## Status: HIGH-CRITICAL Vulnerability

[+]Simple Exploit:
```php
<?php
	phpinfo();
?>
```

## Reproduce:
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-File-Upload-RCE

## Proof and Exploit
https://www.nu11secur1ty.com/2023/09/webigniter-28723-file-upload-rce.html

## Time spent:
00:15:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html, https://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/