CVE-2008-4549
ImageShack Toolbar 4.5.7 - Arbitrary File Upload via BuildSlideShow Method
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-4549. PoCs published by rgod.
AI-analyzed exploit summary
This exploit demonstrates an insecure method in the ImageShack Toolbar 4.5.7 FileUploader Class (ImageShackToolbar.dll) that allows arbitrary file uploads from a user's local system to ImageShack's servers via a malicious webpage. The PoC uses VBScript to invoke the vulnerable COM object and upload files, bypassing intended restrictions.
Description
The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method.