################## Piker #######################################
#
#
# BLOG v1.55B Arbitrary File Upload Vulnerability
#
#
# Affected software: BLOG v1.55B prior versions can be affected
# Vendor: http://sourceforge.net/projects/kafooeyblog/
# Risk: High
#
################################################################
#
# http://[target]/[path]/lib/image_upload.php
#
# This script only checks if the file you are uploading
# is not a text/plain file so you can upload whatever
# you want, for example a PHP Shell.
#
################################################################
#
# Found by Piker [piker0x90(at)gmail(dot)com]
#
# D.O.M Labs - Security Researchers
# www.domlabs.org
#
################################################################

# milw0rm.com [2008-12-21]
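
The check described above rejects one type and accepts everything else; a fix inverts that into an allowlist decided on the server. The following is an added example, not code from BLOG or from the advisory's author, showing one way an image upload handler can validate content and choose its own file name. The form field name `image`, the `UPLOAD_DIR` path, the size cap and the function name `safe_image_name` are assumptions made for illustration.

```php
<?php
// Added example, not BLOG's code. Field name 'image' and UPLOAD_DIR are assumptions.
const UPLOAD_DIR = '/var/blog-data/uploads';   // hypothetical path outside the web root
const MAX_BYTES  = 2097152;                    // 2 MiB cap, chosen for illustration

/** Validate one $_FILES entry; return a server-generated file name or throw. */
function safe_image_name(array $file): string
{
    // Allowlist: MIME type sniffed from the file's bytes => extension we assign.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error');
    }
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an HTTP upload');
    }
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    // $file['type'] and $file['name'] come from the client and are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // getimagesize() must also be able to read image dimensions from the file.
    if (@getimagesize($tmp) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Random name plus an extension taken from the allowlist, never from the client.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $name = safe_image_name($_FILES['image'] ?? []);
        if (!move_uploaded_file($_FILES['image']['tmp_name'], UPLOAD_DIR . '/' . $name)) {
            throw new RuntimeException('could not store file');
        }
        echo 'stored as ' . htmlspecialchars($name, ENT_QUOTES);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

A file that passes these checks can still carry script text in its metadata, so the storage directory should be one the web server never hands to the PHP interpreter.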