This exploit demonstrates an arbitrary file upload vulnerability in b2evolution 6.8.2, allowing unauthenticated users to upload malicious PHP files via a multipart/form-data POST request to the comment_post.php endpoint. The uploaded file can then be executed by accessing it directly.
Classification
Working PoC 90%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: b2evolution 6.8.2
No auth needed
Prerequisites: Access to the target web application · Ability to send HTTP POST requests