CVE-2015-6967
Nibbleblog < 4.0.4 - Remote Code Execution via My Image Plugin File Upload
Exploitation Summary
EIP tracks 8 public exploits for CVE-2015-6967.
PoCs published by Metasploit, flex0geek, dix0nym, including Metasploit module exploits/multi/http/nibbleblog_file_upload.
AI-analyzed exploit summary: This Metasploit module exploits an authenticated file upload vulnerability in Nibbleblog 4.0.3, allowing arbitrary PHP code execution by uploading a malicious payload disguised as an image plugin.
Description
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
Exploits (8)
This Metasploit module exploits an authenticated file upload vulnerability in Nibbleblog 4.0.3, allowing arbitrary PHP code execution by uploading a malicious payload disguised as an image plugin.
The repository contains a functional exploit for CVE-2015-6967, targeting Nibbleblog 4.0.3. The vulnerability arises from improper file extension handling in the 'My image' plugin, allowing arbitrary PHP file uploads leading to remote code execution (RCE).
This repository contains a functional Python exploit for CVE-2015-6967, an arbitrary file upload vulnerability in Nibbleblog 4.0.3. The exploit authenticates, uploads a malicious PHP file via the 'my_image' plugin, and executes it to achieve remote code execution.
This Python script exploits CVE-2015-6967 in Nibbleblog by authenticating as an admin, uploading a PHP reverse shell via a vulnerable plugin configuration, and executing it to gain remote code execution. The exploit uses a standard reverse shell payload and leverages session management for authentication.
This repository contains a functional exploit for CVE-2015-6967, targeting Nibbleblog's file upload vulnerability to achieve remote code execution (RCE). The exploit authenticates as an admin, uploads a malicious PHP shell via the 'my_image' plugin, and includes a reverse shell payload.
This repository contains functional exploit code for CVE-2015-6967, targeting Nibbleblog's arbitrary file upload vulnerability. The scripts demonstrate authentication bypass and remote code execution via malicious PHP file upload.
This repository contains a functional Python exploit for CVE-2015-6967, targeting Nibbleblog 4.0.3. The exploit authenticates, uploads a malicious PHP shell via a plugin configuration vulnerability, and executes arbitrary commands.
This Metasploit module exploits an authenticated file upload vulnerability in Nibbleblog 4.0.3, allowing arbitrary PHP code execution by uploading a malicious payload disguised as an image file via the 'My Image' plugin.