module
Bludit Directory Traversal Image File Upload Vulnerability
| Disclosed | Created |
|---|---|
| 09/07/2019 | 11/13/2019 |
Disclosed
09/07/2019
Created
11/13/2019
Description
This module exploits a vulnerability in Bludit. A remote user could abuse the uuid
parameter in the image upload feature in order to save a malicious payload anywhere
onto the server, and then use a custom .htaccess file to bypass the file extension
check to finally get remote code execution.
parameter in the image upload feature in order to save a malicious payload anywhere
onto the server, and then use a custom .htaccess file to bypass the file extension
check to finally get remote code execution.
Authors
christasasinn3r
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/linux/http/bludit_upload_images_exec
msf /(c) > show actions
...actions...
msf /(c) > set ACTION < action-name >
msf /(c) > show options
...show and set options...
msf /(c) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.