GR Blog v1.1.4 (Upload/Bypass) Multiple Remote Vulnerabilities Author: Jose Luis Gongora Fernandez (a.k.a) JosS Web: http://hack0wn.com/ /*************************/ TEST ON VERSION GR Blog v1.1.4, (in my localhost) Download : http://sirini.net/grboard/board.php?id=grblog&articleNo=43 /*************************/ [+] Remote File Upload: /admin/admin_upload.php (simple bypass) upload --> name.php.jpg PATH example: /data/2009/02/04/name.php.jpg -------------- files: /admin [+] SIMPLE bypass: admin_user.php admin_post.php admin_all.php more files... !xpl: you enter in any files [+] GET bypass: admin_modify_comment.php --