Simple Calculator by Peter Rekdal Sunde Remote Upload Vulnerability

vendor:

Simple Calculator

by:

indoushka

8,8

CVSS

HIGH

Remote Upload

434

CWE

Product Name: Simple Calculator

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Lunix Français v.(9.4 Ubuntu)

2020

Simple Calculator by Peter Rekdal Sunde Remote Upload Vulnerability

A vulnerability exists in Simple Calculator by Peter Rekdal Sunde, which allows a remote attacker to upload arbitrary files on the vulnerable system. The vulnerability is due to an error in the upload.php script, which allows an attacker to upload arbitrary files on the vulnerable system. The vulnerability is due to an error in the upload.php script, which allows an attacker to upload arbitrary files on the vulnerable system. The vulnerability is due to an error in the upload.php script, which allows an attacker to upload arbitrary files on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.

Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : Simple Calculator by Peter Rekdal Sunde Remote Upload Vulnerability           
| # Author   : indoushka      
| # Home     : www.dz-blackhat.com
| # Tested on: Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Remote Upload                                                             
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
     1- http://127.0.0.1/upload/index.upload.php (index page)
     
     2- http://127.0.0.1/upload/upload.php (Upload Page)
     
     3- http://127.0.0.1/upload/ch99.php
                    
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
www.owned-m.com * Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.m-y.cc * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
--------------------------------------------------------------------------------------------------------------