Vendor: Easy File Uploader
By: Daniel Godoy
CVSS: 7,5 HIGH
Arbitrary File Upload
CWE: 434
Product Name: Easy File Uploader
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: GNU/Linux
2017

Easy File Uploader – Arbitrary File Upload

An attacker can upload a malicious file to the Easy File Uploader application and then access that file to gain access to the system.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions and validate the content of the uploaded files.

Exploit-DB raw data:

# Exploit Title: Easy File Uploader  - Arbitrary File Upload
# Date: 27/04/2017
# Exploit Author: Daniel Godoy
# Vendor Homepage: https://codecanyon.net/
# Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287
# Tested on: GNU/Linux
# GREETZ: Rodrigo Mouriño, Rodrigo Avila, #RemoteExecution Team


POC

Drop a PHP file (shell.php) to upload.
Access http://poc_site/fileFolder/shell.php and enjoy!