Vendor: jDownloads
By: Al-Ghamdi
CVSS: 7.5 (HIGH)
Title: Remote File Upload Vulnerability
CWE: 434 (Unrestricted Upload of File with Dangerous Type)
Product Name: jDownloads
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: jdownloads
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Date: 2011

jDownloads 1.0 Remote File Upload Vulnerability

jDownloads 1.0 does not adequately validate files submitted through its front-end upload form. An attacker registers an account where the site requires one, opens the "Submit file" page, and uploads a PHP web shell whose name carries a double extension such as shell.php.jpg. The component apparently accepts the file because the name ends in an allowed image extension, and it then displays the path of the stored file, so the attacker knows where to request it. On a server whose PHP handler matches any extension in the filename rather than only the last one (Apache's AddHandler-based multiple-extension handling is the usual case), the file runs as PHP, giving code execution in the web server's context.

Mitigation:

Validate uploads against an allowlist of expected extensions using the final extension only, and reject any filename that carries a server-executable extension (.php, .phtml, .phar and similar) in any position. Verify that the file's content matches its claimed type rather than trusting the name or the client-supplied MIME type. Store uploads under a server-generated name, outside the web root or in a directory where script execution is disabled, and do not echo the storage path back to the user.
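The following Python example is added here and is not part of the original advisory or of jDownloads. It models why the shell.php.jpg trick in the description works against an extension-suffix check, includes a simplified model of Apache's multiple-extension handler matching (an assumed server configuration, not something the advisory states), and shows the hardened validation the mitigation describes. The extension allowlist, the magic-byte table, and the sample JPEG and PHP bodies are constructed for the example.

```python
import os
import re
import secrets
from typing import Optional, Tuple

# Assumed allowlist for an upload form that is meant to take images and archives.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "zip"}

# Extensions a PHP-enabled web server may hand to the PHP interpreter. A filename that
# carries one of these in ANY position (shell.php.jpg) is rejected outright.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "htaccess"}

# Leading bytes expected for each allowed type (constructed table for the example).
MAGIC = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
    "pdf": b"%PDF-", "zip": b"PK\x03\x04",
}

# Constructed sample uploads: a JPEG header and the body of a trivial PHP web shell.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SAMPLE_PHP = b"<?php system($_GET['cmd']); ?>"


def weak_check(filename: str) -> bool:
    """The kind of check the advisory's shell.php.jpg trick gets past:
    only the trailing extension is inspected and the content is ignored."""
    return filename.lower().endswith(tuple("." + e for e in ALLOWED_EXTENSIONS))


def apache_handler_for(filename: str, handlers=None) -> Optional[str]:
    """Simplified model (assumption) of Apache mod_mime's multiple-extension rule: a
    handler bound with AddHandler applies when ANY extension in the name matches, not
    only the last one. That is why shell.php.jpg can run as PHP on such a server."""
    handlers = handlers or {"php": "application/x-httpd-php"}
    for ext in filename.lower().split(".")[1:]:
        if ext in handlers:
            return handlers[ext]
    return None


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Hardened check. Returns (True, server-chosen stored name) or (False, reason).
    No user input reaches the stored name, so disclosing the path gives little away."""
    base = os.path.basename(filename.replace("\\", "/"))      # strip any directory part
    if not base or base.startswith(".") or not re.fullmatch(r"[\w.-]+", base):
        return False, "empty, hidden, or unsafe filename"      # also rejects NUL bytes
    exts = base.lower().split(".")[1:]
    if not exts:
        return False, "no extension"
    if EXECUTABLE_EXTENSIONS.intersection(exts):
        return False, "executable extension present"           # shell.php.jpg, x.phtml
    ext = exts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} not allowed"
    if not content.startswith(MAGIC[ext]):
        return False, "content does not match declared type"   # a .jpg holding PHP source
    return True, f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # The weak check passes the shell and the modelled server would execute it.
    print(weak_check("shell.php.jpg"), apache_handler_for("shell.php.jpg"))
    print(validate_upload("shell.php.jpg", SAMPLE_PHP))
    print(validate_upload("photo.jpg", SAMPLE_JPEG))
```

Rejecting executable extensions anywhere in the name, rather than only checking the last one, is what closes the double-extension path; the magic-byte and random-name steps then cover a shell smuggled inside a correctly named file and remove the value of the path disclosure.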

Exploit-DB raw data:

____________________________________________________________________
____________________________________________________________________


-=-=-=-{In The Name Of Allah The Merciful}-=-=-=-=-

[~] Exploit Title: [jDownloads 1.0 Remote File Upload Vulnerability]


[~] Found By: Al-Ghamdi
[?] Contact: by-root@hotmail.com
[?] Date: 18.5.2011
[?] Home: in my home
[~] Software Link: [http://www.jdownloads.com/index.php?option=com_jdownloads&Itemid=133&task=view.download&catid=22&cid=234]
[~] Version: 1.0
[~] Dork : "Powered by jDownloads"
____________________________________________________________________
____________________________________________________________________

Exploit :

# Open the site ..
# Register [when the site requires it] ..
# Go to : [Submit file] ..
# Name your shell like [shell.php.jpg] ..
# Then upload your shell ..
# You will see the path of your shell ..
 

# Example   http://www.site.com/public-relations/testimonials
# Example   http://www.site.com/index.php?/component/option,com_jdownloads/Itemid,70/task,view.upload/

(+)Gr33ts to : Only my God [ Allah ] ..
____________________________________________________________________
____________________________________________________________________