Headline

WEBIGniter 28.7.23 Shell Upload

WEBIGniter version 28.7.23 suffers from a remote shell upload vulnerability.

1 year ago

#vulnerability #web #git #php #rce #auth

## Title: WEBIGniter-28.7.23 File Upload - RCE## Author: nu11secur1ty## Date: 09/04/2023## Vendor: https://webigniter.net/## Software: https://webigniter.net/demo## Reference: https://portswigger.net/web-security/file-upload## Description:The media function suffers from file upload vulnerability.The attacker can upload and he can execute remotely very dangerous PHPfiles, by using any created account before this on this system.Then he can do very malicious stuff with the server of this application.## Staus: HIGH-CRITICAL Vulnerability[+]Simple Exploit:```PHP<?php  phpinfo();?>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-File-Upload-RCE)## Proof and Exploit[href](https://www.nu11secur1ty.com/2023/09/webigniter-28723-file-upload-rce.html)## Time spent:00:15:00

Packet Storm: Latest News

WordPress Really Simple Security Authentication Bypass

15 hours ago

Packet Storm

Palo Alto PAN-OS Authentication Bypass / Remote Command Execution

15 hours ago

Packet Storm

Ubuntu Security Notice USN-7116-1

15 hours ago

Packet Storm

Ubuntu Security Notice USN-7015-5

15 hours ago

Packet Storm

Ubuntu Security Notice USN-7114-1

15 hours ago

Packet Storm