NEPT Image Uploader 1.0 - Arbitrary File Upload
| EKU-ID: 14704 | CVE: OSVDB-49428;CVE-2008-6822 | OSVDB-ID: |
| Author: Dentrasi | Published: 2008-10-24 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 14704 | CVE: OSVDB-49428;CVE-2008-6822 | OSVDB-ID: |
| Author: Dentrasi | Published: 2008-10-24 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
//Title - NEPT Image Uploader shell upload //Vendor - newearthpt.freehostia.com //Version - 1.0 //Status - vendor has been notified //Author - Dentrasi //Description It is possible to upload a php script to the remote site. 1. Select a php file for upload 2. Select it for upload, and tamperdata the request 3. Change the Content-Type from 'application/octet-stream' to 'image/jpeg' 4. If the link provided gives a 404, add 'upload/' before the file name # milw0rm.com [2008-10-24]