header-logo
Suggest Exploit
vendor:
The Uploader 2.0
by:
Master Mind
7.5
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: The Uploader 2.0
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

The Uploader 2.0

The Uploader 2.0 is a php script which allows an attacker to upload a malicious file to the server. The attacker can upload a shell file (Shell.php) or any other extension to the server and access it via the URL http://server/script path/sdgsd/Shell.php

Mitigation:

The application should validate the file type before allowing it to be uploaded. The application should also restrict the file types that can be uploaded.
Source

Exploit-DB raw data:

=======================================================================================================

~ Script Name : The Uploader 2.0
~ Language : php
~ Author : Master Mind
~ Home : www.vbspiders.com 

==============================================

Exploit :

example:
http://server/script path/index.php

Just Upload Your Shell (Shell.php) ~~> or any extension you want

Shell path
http://server/script path/sdgsd/Shell.php

<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3

Greets : The Electronic Bomb, Twi[L]ight, R3d EYE, Doom[PS], Mr.BoOoO AND ALL MEMBERS :)