4

[webapps] WEBIGniter v28.7.23 File Upload - Remote Code Execution

 9 months ago
source link: https://www.exploit-db.com/exploits/51736
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

WEBIGniter v28.7.23 File Upload - Remote Code Execution

EDB-ID:

51736

EDB Verified:

Exploit:

  /  

Platform:

PHP

Date:

2023-10-09

Vulnerable App:

## Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution
## Author: nu11secur1ty
## Date: 09/04/2023
## Vendor: https://webigniter.net/
## Software: https://webigniter.net/demo
## Reference: https://portswigger.net/web-security/file-upload


## Description:
The media function suffers from file upload vulnerability.
The attacker can upload and he can execute remotely very dangerous PHP
files, by using any created account before this on this system.
Then he can do very malicious stuff with the server of this application.

## Staus: HIGH-CRITICAL Vulnerability

[+]Simple Exploit:
```PHP
<?php
	phpinfo();
?>

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-File-Upload-RCE)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/09/webigniter-28723-file-upload-rce.html)

## Time spent:
00:15:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK