Vendor: BLOG
By: Piker
CVSS: 7.5 (HIGH)
Type: Arbitrary File Upload
CWE: N/A
Product Name: BLOG
Affected Version From: BLOG v1.55B
Affected Version To: prior versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

BLOG v1.55B Arbitrary File Upload Vulnerability

The upload script (lib/image_upload.php) only checks that the file being uploaded is not a text/plain file, so anything else can be uploaded, for example a PHP shell.

Mitigation:

Ensure that the file upload feature is properly secured and only allows the upload of files with the correct MIME type.
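
The kind of check the description refers to, next to an allowlist-based replacement, as an added PHP example that is not BLOG's own code. The weak form is reconstructed from the advisory's description, not from the project's source; function names, the size limit, the form field and the upload directory are assumptions.

```php
<?php
// Added example, not BLOG's code. Names, paths and limits are assumptions.

// Weak pattern as the advisory describes it: a denylist on one MIME type.
// Everything that is not text/plain passes, including server-side scripts.
function weak_check(array $file): bool
{
    return $file['type'] !== 'text/plain';   // 'type' is supplied by the client
}

// Hardened form: allowlist on content detected server-side, server-chosen name.
const ALLOWED_IMAGES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024;

function store_image_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Detect the type from the file's bytes; ignore $file['type'] and $file['name'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGES)
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // Random name plus an extension taken from the allowlist, so the client
    // never controls the extension the web server uses to pick a handler.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$mime];
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable by the server, never executable
    return $name;
}

// Usage in the request handler (field name 'image' is hypothetical):
// $stored = store_image_upload($_FILES['image'], '/var/www/uploads');
```

The upload directory should also be configured so the web server does not execute scripts from it, or be placed outside the web root and served through a handler.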

Exploit-DB raw data:

################## Piker #######################################
#
#
#    BLOG v1.55B Arbitrary File Upload Vulnerability
#
#
#    Affected software: BLOG v1.55B prior versions can be affected
#    Vendor: http://sourceforge.net/projects/kafooeyblog/
#    Risk: High
#
################################################################
#
#    http://[target]/[path]/lib/image_upload.php
#
#   This script only checks if the file you are uploading
#   is not a text/plain file so you can upload whatever
#   you want, for example a PHP Shell.
#
#
################################################################
#
#         Found by Piker [piker0x90(at)gmail(dot)com]
#
#            D.O.M Labs - Security Researchers
#                   www.domlabs.org
#
#
################################################################

# milw0rm.com [2008-12-21]