This Metasploit module exploits various flaws in The Uploader to upload a PHP payload to target system. When run with defaults it will search possible URIs for the application and exploit it automatically. Works against both English and Italian language versions. Notably it disables pre-emptive email warnings before uploading the payload, though it leaves log cleanup as a post-exploitation task.
d29a260fa19d9695a7f57da48288f4735a750b3a821a5fdf8012ac51ec7892aaPHPAds version 2.0 suffers from administrative bypass and cross site scripting vulnerabilities.
c12bcdb2388d348913cec836ab01dc0db9ea270c2b7fe5435a04997858b9eb93RCBlog version 1.03 suffers from a remote authentication bypass vulnerability.
da5417acc6ca4dc1f2a03a7e2dcad56f2148ebabd28197a5fa86f28d560a7513Ninja Blog version 4.8 suffers from cross site request forgery and cross site scripting vulnerabilities.
5fbe07eb78e8f607da18b753d206d57a195804171d49b6c8158f3636bfdc2b5eNinja Blog version 4.8 suffers from a remote information disclosure vulnerability.
1ac8fb81127a7b04e575118d9675250f9a679afb9faf5e72a948f869c9a46498Silentum Upload version 1.40 remote file deletion exploit.
098f53a317c79b74ca7317aac3e3675febd3f9fe398fadfd2b64a316a2a6c08c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed