Webify Blog Delete Arbitrary File Vulnerability

vendor:

Blog

by:

JIKO(JAWAD)

7,5

CVSS

HIGH

Delete Arbitrary File Vulnerability

CWE

Product Name: Blog

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Webify Blog Delete Arbitrary File Vulnerability

An attacker can delete files uploaded in post and upload their own files if the server allows it.

Mitigation:

Ensure that the server is configured to only allow the upload of files with specific extensions and that the server is configured to not allow the execution of uploaded files.

Source

Exploit-DB raw data:

#########################################################################################
[!x!] Informations:
 
Name           : Webify Blog
Download       : http://www.webify.ws/blog
Vulnerability  : Delete Arbitrary File Vulnerability
Author         : JIKO(JAWAD)
Contact        : jalikom@hotmail.com
Site           : No-ExploiT.CoM (Is Back)
Notes          : No-ExploiT.CoM Miss
#########################################################################################
[!x!] Bug: Delete Arbitrary File Vulnerability 
 
you can delete file uploaded in post and upload your files (for php if allowed you can :))

 
#########################################################################################
[!x!] Exploit:
 
Exploit: http://server/blog/uploads/X/

change X with number of post 

 
########################################################################################
[!x!] To: All friends
Cyber_Devil Allah with you

members [No-exploit.Com]