Home Tools Exploits & CVE's WEBIGniter 28.7.23 Shell Upload

WEBIGniter 28.7.23 Shell Upload

September 6, 2023

2360

WEBIGniter version 28.7.23 suffers from a remote shell upload vulnerability.

## Title: WEBIGniter-28.7.23 File Upload - RCE
## Author: nu11secur1ty
## Date: 09/04/2023
## Vendor: https://webigniter.net/
## Software: https://webigniter.net/demo
## Reference: https://portswigger.net/web-security/file-upload


## Description:
The media function suffers from file upload vulnerability.
The attacker can upload and he can execute remotely very dangerous PHP
files, by using any created account before this on this system.
Then he can do very malicious stuff with the server of this application.

## Staus: HIGH-CRITICAL Vulnerability

[+]Simple Exploit:
```PHP
<?php
  phpinfo();
?>

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WEBIGniter/2023/WEBIGniter-28.7.23-File-Upload-RCE)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/09/webigniter-28723-file-upload-rce.html)

## Time spent:
00:15:00

WEBIGniter 28.7.23 Shell Upload

Follow us on Instagram @thecyberpost

EDITOR PICKS

Relate Learning And Teaching System SSTI / Remote Code Execution

Apache Solr Backup/Restore API Remote Code Execution

PowerVR PMRMMapPMR() Writability Check

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Office Suite Premium 10.9.1.42602 Local File Inclusion

Atos Unify OpenScape Code Execution / Missing Authentication

Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation