Untitled

SUBMITTED BY: Guest

DATE: July 13, 2014, 2:19 a.m.

FORMAT: Text only

SIZE: 814 Bytes

Raw Download

HITS: 653

Report
  1. Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5
  2. Date : 2014-07-07
  3. Exploit Author : Javid Hussain
  4. Vendor Homepage : http://www.madebyfrog.com
  6. # Exploit-DB Note: All authenticated users can upload files. If the file
  7. # does not have execute permissions the CMS allows users to change them.
  8. # No need to be authenticated to trigger uploaded files.
  10. There is a possibility to upload arbitrary file in Frog CMS latest version
  11. 0.9.5
  13. POC:
  15. The vulnerability exist because of the filemanager plugin is not properly
  16. verifying the extension of uploaded files.
  18. Go to http://localhost/frog_095/admin/?/plugin/file_manager/images
  20. Upload an executable php file
  22. Go to http://localhost/Frog/frog_095/public/images/
  24. for verification.
comments powered by Disqus