
JobScript Remote Code Execution

Posted by deepcore on May 24, 2016 – 6:29 pm

JobScript suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of files uploaded to the ‘/admin-ajax.php’ script through the ‘name’ and ‘file’ POST parameters. It can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with a ‘.php’ extension (to bypass the ‘.htaccess’ block rule), which is then stored in the ‘/jobmonster/wp-content/uploads/jobmonster/’ directory.
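Detection logic for the condition described above, as an added example that is not part of the original advisory: it scans web server access-log lines for script files requested from the upload directory and records whether the same client had earlier POSTed to admin-ajax.php. The combined log format, the extension list and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Upload directory named in the advisory.
UPLOAD_DIR = "/jobmonster/wp-content/uploads/jobmonster/"
# Assumption: extensions commonly mapped to the PHP handler.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Assumption: common/combined log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_suspicious(lines):
    """Return one finding per script request under the upload directory."""
    posted_ajax = set()  # client IPs seen POSTing to admin-ajax.php
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and decode %-escapes before matching.
        path = unquote(urlsplit(m["target"]).path)
        if m["method"] == "POST" and path.endswith("/admin-ajax.php"):
            posted_ajax.add(m["ip"])
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path):
            findings.append({
                "ip": m["ip"],
                "time": m["time"],
                "path": path,
                "status": int(m["status"]),
                "after_ajax_post": m["ip"] in posted_ajax,
            })
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/May/2016:18:01:02 +0000] '
    '"POST /jobmonster/wp-admin/admin-ajax.php HTTP/1.1" 200 58',
    '198.51.100.7 - - [24/May/2016:18:01:09 +0000] '
    '"GET /jobmonster/wp-content/uploads/jobmonster/cv_1.php?x=1 HTTP/1.1" 200 12',
    '203.0.113.9 - - [24/May/2016:18:02:00 +0000] '
    '"GET /jobmonster/wp-content/uploads/jobmonster/resume.pdf HTTP/1.1" 200 48211',
    '203.0.113.9 - - [24/May/2016:18:03:00 +0000] '
    '"GET /jobmonster/wp-content/uploads/jobmonster/old.PHP HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 and `after_ajax_post` set means a script in the upload directory was served to a client that had just used the upload endpoint, which warrants checking the file on disk.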

