Kamis, November 27, 2008

LoveCMS 1.6.2 Final (Download Manager v1.0) Arbitrary File Upload Exploit

Download:
http://www.thethinkingman.net/modules/download_manager/?id=16

Description:
This exploit allows attacker to upload any type of file [no extension filtration] ex. php shell...
Uploader is adding random number on the begining of file name so user have to check it manually.
for more information check /modules/download_manager/admin/index.php lines 10 - 27.


# milw0rm.com

0 komentar:

Posting Komentar

Bagaimana Komentar Anda
U Comment ... I Follow
Berikan komentar anda dalam bentuk Saran/Kritik.
Sedikit atau banyak komentar anda, Penulis akan Following ke URL anda.
Lengkapi URL/identitas anda.

Twitter Delicious Facebook Digg Stumbleupon Favorites More