Full title: Nibbleblog v3.4 (ajax) <= (FD/FU) Multiple Vulnerabilities
Category: web applications
Platform: php

Nibbleblog v3.4 suffers from multiple vulnerabilities in its ajax uploader plugin. An attacker can use a bug in the ajax-upload plugin to disclose the full server path (FD), and the uploader itself does not validate what is uploaded (FU): it is not protected against a PHP shell.

Exploitation, as described by the author, is post-authentication: after obtaining admin credentials (by brute force or any other means), post a new image with TamperData, using an image with a PHP shell included, and submit the upload. Then use TamperData to find the filename hash the uploader assigned to the file, so the uploaded shell can be located.

Screenshots:
http://i49.tinypic.com/ev8ktx.png
http://i46.tinypic.com/350nmdg.png
http://i49.tinypic.com/33lm52v.png

# 0day.today @ http://0day.today/
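The two bug classes named above, an upload handler that trusts the client-supplied filename and leaks the absolute server path in its error message, next to a hardened handler, as an added illustration. This is not Nibbleblog's code and does not reproduce its uploader; the function names, the `$_FILES['image']` field and the `$uploadDir` parameter are assumptions for the example.

```php
<?php
// Illustrative upload handler (not Nibbleblog's code). Shows the advisory's two
// bug classes, full path disclosure and unrestricted file upload, beside a
// hardened version. Field/parameter names are assumptions for this example.
declare(strict_types=1);

// --- Vulnerable pattern (do not deploy) ------------------------------------
function vulnerable_upload(array $file, string $uploadDir): string
{
    // FU: the client-supplied name is used as-is, so "shell.php" lands in the
    // web root with a .php extension and is executed on the next GET.
    $dest = $uploadDir . '/' . $file['name'];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        // FD: the absolute server path is echoed back to the client.
        die('Upload failed: ' . $dest);
    }
    return $dest; // leaks the path on success as well
}

// --- Hardened pattern ------------------------------------------------------
// Allowlist keyed on the MIME type detected from the file bytes; the value is
// the extension the server will assign (the client never chooses it).
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

function hardened_upload(array $file, string $uploadDir): string
{
    if (!isset($file['tmp_name'], $file['error']) || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Invalid upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload error'); // generic: no path, no detail
    }

    // Decide the type from the content, never from the extension or the
    // browser-supplied Content-Type; both are attacker-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Unsupported file type');
    }
    // The image must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }

    // Server-chosen random name and server-chosen extension: there is no
    // attacker-influenced hash to recover and never a .php to request.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        error_log('upload failed: ' . $dest); // the path goes to the log only
        throw new RuntimeException('Upload failed');
    }
    chmod($dest, 0644);
    return $name; // the caller maps this to a public URL; the absolute path never leaves the server
}

// Typical call site (assumed field name 'image'):
// $stored = hardened_upload($_FILES['image'], __DIR__ . '/uploads');
```

Two caveats on the hardened form. The MIME and `getimagesize()` checks do not reject a polyglot, a valid GIF or PNG with `<?php ... ?>` appended, which is what "shell-included" image uploads are; what actually neutralises it is that the server assigns a non-executable extension and, as a second layer, that the upload directory has PHP execution disabled (`php_flag engine off` in an Apache `.htaccess`, or an nginx `location` for the directory with no FastCGI pass). Re-encoding the image with GD (`imagecreatefrompng()` then `imagepng()`) additionally strips an embedded payload. On the FD side, the same discipline applies globally: `display_errors=Off` in production, with errors and paths written to `error_log` rather than the response.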