Serendipity 1.5.4 0day Arbitrary File Upload Vulnerability

2010-12-21 09:15:09

In The Name Of GOD
[+] Exploit Title:remote 0day file upload
[+] Date: 2010
[+] script:Serendipity 1.5.4
[+] Software Link: http://www.s9y.org/12.html
[+] Author : pentesters.ir
[+]discovered by:ahmadbady
[+] Contact : [email protected]
[+] Website : WwW.PenTesters.IR
[+] Greeting: Behzad, navid, ...
[+]dork:"Powered by s9y" and "Powered by serendipity"
----------------------------------------------------------------------------
up:
/path/htmlarea/plugins/ExtendedFileManager/manager.php

shell:
/htmlarea/plugins/ExtendedFileManager/demo_images/shell.php.gif
------------------------------------------------------------------------------

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.