NEPT Image Uploader 1.0 Arbitrary Shell Upload Vulnerability
| EDB-ID: 6830 | CVE: 2008-6822 | OSVDB-ID: 49428 |
| Author: Dentrasi | Published: 2008-10-24 | Verified:  |
Exploit Code:  | Vulnerable App: N/A |
Rating |
| EDB-ID: 6830 | CVE: 2008-6822 | OSVDB-ID: 49428 |
| Author: Dentrasi | Published: 2008-10-24 | Verified: |
| Exploit Code: | Vulnerable App: N/A |
Rating |
//Title - NEPT Image Uploader shell upload //Vendor - newearthpt.freehostia.com //Version - 1.0 //Status - vendor has been notified //Author - Dentrasi //Description It is possible to upload a php script to the remote site. 1. Select a php file for upload 2. Select it for upload, and tamperdata the request 3. Change the Content-Type from 'application/octet-stream' to 'image/jpeg' 4. If the link provided gives a 404, add 'upload/' before the file name # milw0rm.com [2008-10-24]