
Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability

------------------------------------------------------------------------
Script : Neuron Blog

Version : 1.1

Site : http://dev.localhost.be/?q=detail-script&id=11 

Founder : Rizgar

Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack 

Thanks : KHC,PH,ColdHackers and all Kurdish script kiddies/hax0rs/lame/l33t/ 

d0rk : "neuron blog powered"
------------------------------------------------------------------------

Vulnerability details:

The authors of this blog did not prevent remote access to the "/admin" page. Reaching it remotely takes just a "click" :) www.site.com/admin


Affected area: the modules in admin


Now let us look at /admin/pages/blog-add.php:


Lines 42 to 55:


file:

filetype:

Note: If you open the admin modules, the "add blog" form appears. You can upload a file to the website :) You can find your file under /example/uploads, or you can see it on the homepage :) Now, regarding the PoC: http://www.site.com/admin/blog-add.php http://www.site.com/uploads/phpshell.php :] and upload your files :) There are two choices: 1) photo 2) documents
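
The two weaknesses described above (admin modules reachable without a login, and an upload form that stores whatever it is given) can be closed as in the following added example, which is not Neuron Blog's code and not part of the original advisory. The `is_admin` session flag, `UPLOAD_DIR` and the function names are assumptions; `file` and `filetype` are the form fields named above.

```php
<?php
declare(strict_types=1);
// Assumed names (not from Neuron Blog): is_admin session flag, UPLOAD_DIR, store_upload().
const UPLOAD_DIR = '/var/lib/blog-uploads';   // outside the web root, so never run as PHP
const MAX_BYTES  = 5 * 1024 * 1024;
// Per declared "filetype": allowed extension => MIME type detected from the content.
const ALLOWED = [
    'photo'     => ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'],
    'documents' => ['pdf' => 'application/pdf', 'txt' => 'text/plain'],
];

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['is_admin'])) {        // set only by the login routine
        http_response_code(403);
        exit('Forbidden');
    }
}

function store_upload(array $file, string $filetype): string
{
    if (!array_key_exists($filetype, ALLOWED)) {
        throw new RuntimeException('unknown filetype');
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('upload rejected');
    }
    // Trust neither the client's file name nor its Content-Type header.
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ((ALLOWED[$filetype][$ext] ?? null) !== $mime) {
        throw new RuntimeException('extension/content not allowed');
    }
    // Server-generated name: no path traversal, and ".php" never reaches disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

require_admin();   // must run at the top of every admin module, before any other logic
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    echo 'stored as ', store_upload($_FILES['file'], (string)($_POST['filetype'] ?? ''));
}
```

`finfo` needs PHP's fileinfo extension, and because `UPLOAD_DIR` is not web-accessible the stored files have to be served back through a separate download script.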
