header-logo
Suggest Exploit
vendor:
Flashden
by:
DigitALL
7.5
CVSS
HIGH
Shell Upload
434
CWE
Product Name: Flashden
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: a:jurgenvisser.nl:flashden:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Flashden Shell Upload Vulnerability

Flashden is vulnerable to shell upload. To exploit the vulnerability, the attacker needs to go to the select_file2.php page, select the shell.php file, upload it and then go to the upload/shell.php page.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions and that the application is configured to reject files with multiple extensions.
Source

Exploit-DB raw data:

# Exploit Title: Flashden Shell Upload Vulnerability

# Date: 26.12.2009

# Author: DigitALL

# Greetz: Zombie KroNickq HackSpy and ALL 1923Turk.Biz Members

# Vendor: http://www.jurgenvisser.nl

# Version: 2.0

# Dork: inurl:"select_file2.php"

# Application: Please Add Files ( Your Shell ) And Upload.

# Shell: /test/shell.php --  /up/shell.php --  /upload/shell.php --  /beta/shell.php OR one back dir.