Wednesday, 12 February 2014

Exploit eggBlog 414 Arbitrary File Upload

Finding Vulnerable Target

Dork: "powered by"

Exploit: /_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

1- Copy the dork and paste it into Google.

2- Choose any site

Exploiting Target

1- Paste the exploit at the end of the URL.

You will see something like this

2- Choose your file and click Upload.

3- To view your file, simply click on your file name in the upper right box.
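
For a site owner, the script path above is the detection signal. The following is an added example, not part of the original post: it scans web server access logs for requests that reached that script. The combined log format, the name `find_uploader_hits` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Script path as given in the post; the rest is this example's assumption.
UPLOADER = "/_lib/openwysiwyg/addons/imagelibrary/insert_image.php"
# Assumed log layout: Apache/nginx "combined" format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_uploader_hits(lines):
    """Per client IP, count requests that reached the image-library uploader."""
    hits = defaultdict(lambda: {"views": 0, "uploads": 0, "rejected": 0, "first_seen": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Normalise before comparing: drop query, decode %xx, collapse '//'.
        path = re.sub(r"/+", "/", unquote(m["target"].split("?", 1)[0])).lower()
        if not path.endswith(UPLOADER):  # endswith: blog may live in a subdirectory
            continue
        entry = hits[m["ip"]]
        entry["first_seen"] = entry["first_seen"] or m["ts"]
        if not m["status"].startswith("2"):
            entry["rejected"] += 1   # script absent or access denied
        elif m["method"] == "POST":
            entry["uploads"] += 1    # a file was submitted: review the upload directory
        else:
            entry["views"] += 1      # upload form was served to this client
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Feb/2014:10:01:02 +0000] "GET /blog/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg= HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Feb/2014:10:01:40 +0000] "POST /blog/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg= HTTP/1.1" 200 2398 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Feb/2014:10:05:00 +0000] "GET /_lib//openwysiwyg/addons/imagelibrary/insert_image%2Ephp HTTP/1.1" 404 210 "-" "curl/7.30"',
    '192.0.2.4 - - [12/Feb/2014:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, counts in find_uploader_hits(SAMPLE_LOG).items():
        print(ip, counts)
```

Any 2xx response to this path for an outside address means the uploader is reachable; a POST among them is the cue to inspect the upload directory for unexpected files and to remove or restrict the script.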
