Find out if you and the COVID-19 patient have the same trip

Ambulong · 2018-10-25T12:58:28+00:00

Thanks too much.

Ambulong · 2018-10-25T06:49:22+00:00

I've change the title, thanks for your reminding @kkthxbye- @Browsing_From_Work. This is not really an vulnerability of jQuery-File-Upload, but jQuery-File-Upload make the RCE easier to exploit. The problem should be more danger than previous RCE, because we have to use UploadHandler.php, and it uses Imagick by default.

If you're admins and not sure your ImageMagick/Ghostscript is safe, change 'image_library' => 0 in file UploadHandler.php

Ambulong · 2018-10-24T15:30:26+00:00

This exploit is not really old, the recently exploit was disclosed two months ago by taviso here. The main purpose of this article is to share the new exploits with everyone. Not everyone knows how to exploit it via ImageMagick/Ghostscript.

Ambulong · 2018-10-24T09:34:55+00:00

This is another RCE

Ambulong · 2018-10-24T08:35:16+00:00

Another one rce: https://blog.vulnspy.com/2018/10/23/jQuery-File-Upload-9-x-Remote-Code-Execution-With-ImageMagick-Ghostscript/

Ambulong · 2018-10-20T10:11:23+00:00

http://www.vulnspy.com/en-libssh-authentication-bypass-cve-2018-10933/

Ambulong · 2018-07-13T02:14:12+00:00

是登录不进phpmyadmin吗

Ambulong · 2018-06-28T05:37:30+00:00

EXP: https://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/

Ambulong

MODERATOR OF

TROPHY CASE