all InfoSec news
A look at CVE-2015–6967
April 25, 2023, 9:57 a.m. | Echo_Slow
System Weakness - Medium systemweakness.com
Or why you should never trust user-supplied data.
As promised in my previous blog post, in this post, I’ll take a look at CVE-2015–6967, a file upload vulnerability affecting Nibbleblog version 4.0.3, and write a custom script to exploit it.
The vulnerability
The vulnerability was found in 2015, allowing an attacker to upload a PHP script and execute remote commands. With that, I could call this a day, but where is the fun in that? Let’s take a …
blog blog post call cve data exploit file file upload fun htb machine opsec php privileges script trust version vulnerability
More from systemweakness.com / System Weakness - Medium
OSI Model & TCP/IP Comparison
15 hours ago |
systemweakness.com
Clocky | TryHackMe Write-up
2 days, 10 hours ago |
systemweakness.com
Tuesday Morning Threat Report: Apr 30, 2024
2 days, 10 hours ago |
systemweakness.com
Jobs in InfoSec / Cybersecurity
Senior Security Engineer - Detection and Response
@ Fastly, Inc. | US (Remote)
Application Security Engineer
@ Solidigm | Zapopan, Mexico
Defensive Cyber Operations Engineer-Mid
@ ISYS Technologies | Aurora, CO, United States
Manager, Information Security GRC
@ OneTrust | Atlanta, Georgia
Senior Information Security Analyst | IAM
@ EBANX | Curitiba or São Paulo
Senior Information Security Engineer, Cloud Vulnerability Research
@ Google | New York City, USA; New York, USA