2021-09-17 14:04:21 +00:00
id : luftguitar-arbitrary-file-upload
info :
name : Luftguitar CMS Arbitrary File Upload
author : pikpikcu
severity : high
tags : luftguitar
2021-10-19 10:03:41 +00:00
description : A vulnerability in Luftguitar CMS allows remote unauthenticated users to upload files to the remote service via the 'ftb.imagegallery.aspx' endpoint.
2021-09-18 08:58:03 +00:00
reference : https://www.exploit-db.com/exploits/14991
2021-09-17 14:04:21 +00:00
requests :
- method : GET
path :
2021-09-18 09:02:13 +00:00
- "{{BaseURL}}/ftb.imagegallery.aspx"
2021-09-17 14:04:21 +00:00
matchers-condition : and
matchers :
- type : word
part : body
words :
2021-09-18 08:58:03 +00:00
- '<title>Insert Image</title>'
2021-09-18 06:44:32 +00:00
- '<title>Image Gallery</title>'
2021-09-18 08:58:03 +00:00
condition : or
2021-09-17 14:04:21 +00:00
- type : status
status :
- 200