Vendor: Traidnt UP
By: fantastic
CVSS: 7.5 (HIGH)
Remote File Upload Vulnerability
CWE: 434
Product Name: Traidnt UP
Affected Version From: 1
Affected Version To: 1
Patch Exists: N/A
Related CWE: N/A
CPE: a:traidnt:traidnt_up
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Traidnt UP Version 1.0 remote file upload vulnerability

A vulnerability in Traidnt UP Version 1.0 allows an attacker to upload malicious files to the server. An attacker can upload a file named with a double extension, .php.gif or .php.jpg, and it will be executed as a PHP script.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the expected file extensions.
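
One way to implement the mitigation above so that names such as file.php.gif are refused (an added example, not code from Traidnt UP or from the original advisory; `ALLOWED_TYPES` and `safe_upload_name()` are hypothetical names, and an image-only upload endpoint is assumed):

```php
<?php
// Added example, not Traidnt UP code. ALLOWED_TYPES and safe_upload_name()
// are hypothetical names chosen for this illustration.
const ALLOWED_TYPES = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'png' => 'image/png'];

/**
 * Return a server-generated name for an accepted upload, or null to reject it.
 * $clientName is the name sent by the browser, $tmpPath the uploaded temp file.
 */
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // basename() drops any directory component supplied by the client.
    $parts = explode('.', strtolower(basename($clientName)));
    // Exactly one dot: rejects "x", ".gif" and multi-extension names like "x.php.gif".
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    $ext = $parts[1] === 'jpeg' ? 'jpg' : $parts[1];
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    // Inspect the bytes on disk instead of trusting the client's Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // Never reuse the client's name: store under a random name with one extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample files: a 1x1 GIF and a short PHP script.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, hex2bin('47494638396101000100800000000000ffffff2c00000000010001000002024401003b'));
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'x'; ?>\n");

$cases = [['photo.gif', $gif], ['photo.php.gif', $gif], ['photo.php.jpg', $gif],
          ['photo.gif', $php], ['photo.php', $php]];
foreach ($cases as [$name, $tmp]) {
    printf("%-14s %s\n", $name, safe_upload_name($name, $tmp) ?? 'rejected');
}
unlink($gif);
unlink($php);
```

Storing uploads outside the web root, or in a directory where the web server is configured not to run scripts, keeps a file that slips past validation from being executed.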

Exploit-DB raw data:

================================================================================================
================================================================================================                                                                                               
 Traidnt UP Version 1.0. remote file upload vulnerability
                           
========================================
========================================
                                                     
== Author::  fantastic    
             
== Home :: www.iq-ty.com                          
== email:: egypt.fantastic@yahoo.com  
=======================================
=======================================
DorK:  inurl: Powered by Traidnt UP Version 1.0.
===========================================================
===========================================================                                                                                                               
exploit :  upload your php file as   the file name.php.gif   or  the file name .php.jpg
                                                                                                                     
 for example  shell.php.gif    or shell.php.jpg                                                   
                                                                                                                      
===========================================================
thanks for  www.iq-ty.com  hussain  x , fahd , montela88 , virus t , abu salaman  , MR-MOH  , SAKAB , and all of my iq-ty friends
===========================================================

# milw0rm.com [2009-02-09]