Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
logahead UNU edition 1.0 Remote Upload file & Code execution - exploit.company
header-logo
Suggest Exploit
vendor:
logahead UNU edition
by:
CorryL
7.5
CVSS
HIGH
Remote Upload file & Code execution
CWE
Product Name: logahead UNU edition
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux, Unix
2006

logahead UNU edition 1.0 Remote Upload file & Code execution

A remote attacker can upload a PHP file and execute arbitrary commands on the victim server.

Mitigation:

Unknown
Source

Exploit-DB raw data:

-=[--------------------ADVISORY-------------------]=-
                                             
              logahead UNU edition 1.0    
                                              
  Author: CorryL    [corryl80@gmail.com]  
-=[-----------------------------------------------]=-


-=[+] Application:    logahead UNU edition
-=[+] Version:        1.0
-=[+] Vendor's URL:   http://typo.i24.cc/logahead/
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Remote Upload file & Code execution
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:          CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.x0n3-h4ck.org
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:        irc.darksin.net #x0n3-h4ck       
-=[+] Special Thanks: Merry Christmas for All, Thanks for all  #x0n3-h4ck member,
                                  un saluto a tutti gli avolesi nel mondo.

..::[ Descriprion ]::..

You might already have heard of logahead - the ajaxified blogging engine using PHP4 and mySQL database by James from the UK.
The UNU edition is based on the logahead beta 1.0 code published under GNU/GPL license. While the original version sticks to 
the basic functions of a blog (mainly publishing posts and receiving comments), the UNU edition is more enchanted and offers 
a number of additional features.


..::[ Bug ]::..

My give searches the form Widgets of this blog is results vulnerability, in fact
a remote attaker is able to upload also a file php, and to perform arbitrary commands
inside the server victim.

..::[ Proof Of Concept ]::..

http://www.server-victim/extras/plugins/widged/_widged.php?A=U&D=


..::[ Disclousure Timeline ]::..

 [25/12/2006] - Public disclousure

# milw0rm.com [2006-12-25]

Navigation

Suggest Exploit

Services By CQR