Recent Topics

Shell upload vulnerability

Started by on Jun 05, 2018 – Contents updated: Jun 25, 2018

Jun 05, 2018 11:40    

Can you confirm that this vulnerability was fixed?

# Exploit Title: Remote File Upload Vulnerability in b2evolution 6.8.8
# Google Dork: no
# Date: 14-03-2017
# Exploit Author: @rungga_reksya, @dvnrcy, @yokoacc
# Vendor Homepage:
# Software Link:
# Version: 6.8.8 Stable
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVE : no

I. Background:
b2evolution is a tool that allows you to build your own website. This ranges from just a home page to a full featured site with multiple blogs, forums for your user community and structured content such as manuals or knowledge bases. Additionally, b2evolution allows you to send newsletters to your user community and members can send private messages to each other.

II. Description:
Unrestricted file upload vulnerability in afile uploada modules in B2evolution CMS 6.8.8 allows authenticated user to upload malicious code (shell), even though in the system has restricted extension (php).

III. Exploit:
In this case, we have privilege as administrators and then access to afiles menua (http://HOST/b2evolution/admin.php?ctrl=files). Choose your directory and upload your shell with php extension. 

e.g you choose aadmina folder, so access your shell such as:

IV. Thanks to:
- Alloh SWT
- MyBoboboy
- @yokoacc, @dvnrcy
- Komunitas IT Auditor & IT Security Kaskus
Refer to:Remote File Upload Vulnerability in b2evolution 6.8.8

Jun 25, 2018 15:56

This is a bogus report. b2evolution is configured by default so that Admin (and Admin only) can upload PHP files. It is NOT a security issue that Admin can upload PHP files. If you think it is , you can easily disable this in the backoffice.

Form is loading...

open source blog tool – This forum is powered by b2evolution CMS, a complete engine for your website.