          \#'#/
          (-.-)
 --------------------oOO---(_)---OOo----------------------
 |    IDIC Blogs Arbitrary File Upload Vulnerability     |
 ---------------------------------------------------------
[!] Discovered: cr4wl3r
[!] Site: http://0xuht.org
[!] Download: http://sourceforge.net/projects/idicblogs/files/
[!] Version: -
[!] Date: 12.11.2012
[!] Remote: yes
[!] Tested: Ubuntu
[!] Reference: http://0xuht.org/Exploit/idic-blog.txt
[!] Details: By issuing a POST request with a webshell embedded in a JPEG or PJPEG image it is possible to upload
[!] Vulnerability Code [picture_upload.php] :

'; }else{
            $es = 'ERROR: Unable to upload image
';
        }
    } else {
        $es = 'ERROR: Wrong filetype (has to be a .jpg or .jpeg.)
';
    }
}
if($es){ ?>

[!] PoC (Piye om Carane): [IDIC_Blogs]/picture_upload.php
[!] Shell: [IDIC_Blogs]//members_orgimage/shell.php.pjpeg
[!] Demo:
    http://0xuht.org/demo/idic-blog1.png
    http://0xuht.org/demo/idic-blog2.png
[!] Thanks: packetstormsecurity // Gorontalo [2012-11-12]
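
[!] Mitigation sketch (added example, not IDIC Blogs code and not from the advisory author): a hardened image upload handler for the case described above, where a file such as shell.php.pjpeg ends up in members_orgimage. The original filetype check is not shown on this page, so the function name store_member_image, the form field "picture" and the 2 MiB limit are assumptions, and the GD and fileinfo extensions are assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Added example. Assumed names: store_member_image(), field "picture".
const MAX_BYTES = 2 * 1024 * 1024; // assumed size limit

function store_member_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('ERROR: Unable to upload image');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('ERROR: File too large');
    }

    // Decide the type from the bytes on disk, never from $file['type']
    // or the file extension, both of which the client controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'image/jpeg') {
        throw new RuntimeException('ERROR: Wrong filetype');
    }

    // Decode and re-encode: only pixel data is written out, so bytes
    // appended to or embedded in the uploaded file are not copied.
    $img = @imagecreatefromjpeg($file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('ERROR: Not a decodable JPEG');
    }

    // Server-chosen name with one fixed extension: a client-supplied
    // name such as "shell.php.pjpeg" never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($img, rtrim($destDir, '/') . '/' . $name, 90)) {
        throw new RuntimeException('ERROR: Unable to upload image');
    }
    return $name;
}

// Usage inside the upload script (field name is an assumption):
// $name = store_member_image($_FILES['picture'], __DIR__ . '/members_orgimage');
```

Independently of the handler, the upload directory should be served as static files only, with no PHP handler mapped to it, so that a script that does land there is never executed.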