Vendor: BigDump
By: Felipe Andrian Peixoto
CVSS: 7.5 (HIGH)
CWE: 434 (Arbitrary File Upload)
Product Name: BigDump
Affected Version From: v0.35b
Affected Version To: v0.35b
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 and Linux
Year: 2014

Arbitrary Upload on BigDump v0.35b

BigDump v0.35b is vulnerable to arbitrary file upload. The upload form served by bigdump.php (reachable at http://host/bigdump.php?start=) does not restrict what the client submits, so an attacker who can reach the page can upload arbitrary files, including PHP web shells, by modifying the upload request with an intercepting tool such as Tamper Data (written "tamperdate" in the original advisory). The vulnerable file is bigdump.php.

Mitigation:

No vendor patch exists for this version, so the fix has to come from deployment. Do not rely on the client-supplied Content-Type (MIME type): it is set by the browser and is exactly the header a tamper tool rewrites. Instead, accept only the dump formats BigDump is meant to import by an allowlist of file extensions, generate the stored filename on the server rather than reusing the client's, and write uploads to a directory outside the web root, or to one where the web server is configured not to execute PHP. Validating the file size is sensible as well but does not stop a shell upload on its own. Because bigdump.php is an administration tool, restrict it to trusted IP addresses or HTTP authentication, and remove it together with the dump files once the import is finished.
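The following is an added example of a hardened upload handler in PHP that applies the checks above. It is not BigDump's own code and not from the advisory author; the form field name dumpfile, the extension allowlist, the size limit and the destination directory are assumptions chosen for illustration and must be adapted to the deployment.

```php
<?php
// Added example (not BigDump's own code): a hardened handler for the kind of
// upload form bigdump.php exposes. The field name "dumpfile", the allowed
// extensions, the size limit and the storage directory are assumptions.

declare(strict_types=1);

// Only the dump formats the importer is meant to process; everything else is
// rejected. Assumption: adjust to the formats you actually import.
const ALLOWED_EXTENSIONS = ['sql', 'gz', 'csv'];
const MAX_UPLOAD_BYTES   = 512 * 1024 * 1024;   // 512 MiB, assumption

/**
 * Validate an uploaded dump file and move it to a directory outside the web
 * root. Returns the stored path on success and throws on any failure.
 *
 * @param array  $file    One entry of $_FILES, e.g. $_FILES['dumpfile']
 * @param string $destDir Directory outside the document root, where the web
 *                        server never executes PHP
 */
function store_dump_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . (int) ($file['error'] ?? -1));
    }
    // Guard against a forged $_FILES entry that points at an arbitrary local path.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ((int) $file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Never trust $file['type']: it is the client-supplied Content-Type header,
    // which is exactly what an intercepting tool such as Tamper Data rewrites.
    // Decide on the extension of the client name only, and only against an allowlist.
    $clientName = basename((string) $file['name']);
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new RuntimeException('Disallowed file extension: ' . $ext);
    }

    // Cheap content check independent of the name: a .gz must start with the
    // gzip magic bytes 1f 8b.
    $head = (string) file_get_contents($file['tmp_name'], false, null, 0, 2);
    if ($ext === 'gz' && strncmp($head, "\x1f\x8b", 2) !== 0) {
        throw new RuntimeException('gz extension but no gzip magic bytes');
    }

    // Discard the client name entirely: the stored name is generated here, so a
    // name like "shell.php.sql" or traversal sequences in it cannot matter.
    $stored = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $stored)) {
        throw new RuntimeException('Could not move upload');
    }
    chmod($stored, 0640);   // data file, never executable
    return $stored;
}

// Usage inside the upload handler (assumed form field name "dumpfile" and
// assumed storage directory):
// $path = store_dump_upload($_FILES['dumpfile'], '/var/lib/bigdump-uploads');
```

The two controls that matter most are the ones that do not depend on anything the client sends: the server-generated filename and a storage directory from which the web server will not serve or execute files. The extension allowlist and the gzip magic check only narrow what gets stored; even if they were bypassed, a file that is never executed does not become a shell.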

Exploit-DB raw data:

[+] Arbitrary Upload on BigDump v0.35b
[+] Date: 23/03/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.ozerov.de/bigdump/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: bigdump.php
[+] Version: v0.35b
[+] Exploit : http://host/bigdump.php?start= 
[+] PoC: http://SERVER/bigdump.php?start=

Note: allows uploading files and shells with tamperdate.