LoveCMS 1.6.2 Final (Download Manager v1.0) Arbitrary File Upload Exploit ~ Freedom Blogging

Kamis, November 27, 2008

LoveCMS 1.6.2 Final (Download Manager v1.0) Arbitrary File Upload Exploit

Kamis, November 27, 2008 Reko Srowako Blogger No comments

Download:
http://www.thethinkingman.net/modules/download_manager/?id=16

Description:
This exploit allows attacker to upload any type of file [no extension filtration] ex. php shell...
Uploader is adding random number on the begining of file name so user have to check it manually.
for more information check /modules/download_manager/admin/index.php lines 10 - 27.

# milw0rm.com

Posted in: Security Internet

0 komentar:

Posting Komentar

Bagaimana Komentar Anda
U Comment ... I Follow
Berikan komentar anda dalam bentuk Saran/Kritik.
Sedikit atau banyak komentar anda, Penulis akan Following ke URL anda.
Lengkapi URL/identitas anda.

I am a person who wants a freedom doing various things that are difficult even impossible to break through. I want freely to examine the string of codes, looking for weaknesses but not to weaken either. I like moving freely in the flow of gateway to all free points in the world to communicate, explore and enjoy the freedom without any difference in exchange, learning and sharing all the purity of science.

Freedom Blogging

Kamis, November 27, 2008