SHARE
CORE IMPACT v8 - Exploits Update (Mon Jun 29 2009)
Drupal BlogAPI Remote Code Execution Exploit
Exploits/Remote [Linux]
• Mon Jun 29 2009
The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver.
Exploits Vulnerabiltiy: CVE-2008-4792