header-logo
Suggest Exploit
vendor:
Max's AJAX File Uploader
by:
ViRuSMaN
8.8
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: Max's AJAX File Uploader
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Max’s AJAX File Uploader Remote File Upload Vulnerability

A vulnerability exists in Max's AJAX File Uploader which allows an attacker to upload a malicious file to the server. The attacker can then access the uploaded file by providing the path to the file in the URL. The vulnerability is due to insufficient validation of the uploaded file type.

Mitigation:

The application should validate the uploaded file type and only allow files of the expected type to be uploaded. Additionally, the application should also check the content of the uploaded file to ensure that it does not contain malicious code.
Source

Exploit-DB raw data:

##############################################################
|
| Max's AJAX File Uploader Remote File Upload Vulnerability
|
| Author : [ViRuSMaN]
|
| Contact : [v.-m@live.com]
|
| Home : [Islam-Attack.CoM , HackTeach.OrG]
|
| Download : [http://www.ajaxf1.com/download.html?dl=12]
|
##############################################################
|
|
| Exp :
|
| 1- Upload Your Shell [yourshell.php]
|
| 2- Pwd Your Shell [xxxx.com/path/yourshell.php]
|
|
##############################################################
|
| Greets : All members of islam-attack.com , hackteach.org & All Muslim's
|
##############################################################