MRW PHP Upload Remote File Upload Vulnerability

vendor:

MRW PHP Upload

by:

Phenom

9,3

CVSS

HIGH

Remote File Upload Vulnerability

434

CWE

Product Name: MRW PHP Upload

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows xp sp3

2010

MRW PHP Upload Remote File Upload Vulnerability

A vulnerability exists in MRW PHP Upload, which allows an attacker to upload a malicious file to the server. The attacker can then access the uploaded file by accessing the URL http://site.com/path/upload/yourshell.php

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate MIME type and file extension.

Source

Exploit-DB raw data:

# Date: 12/02/2010
# Author: Phenom
# Software Link: http://www.mrwebmaster.it/_store/script/php_luke_mrw_upload.zip
# Version: 
# Tested on: Windows xp sp3

------------------------------------------------------

 _____  _                                
|  __ \| |                               
| |__) | |__   ___ _ __   ___  _ __ ___  
|  ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \ 
| |    | | | |  __/ | | | (_) | | | | | |
|_|    |_| |_|\___|_| |_|\/__/|_| |_| |_|


------------------------------------------------------

#######   MRW PHP Upload Remote File Upload Vulnerability   #####################
#
#       Author : Phenom
#
#       vendor : www.lukeonweb.net
#
#################################################################################

####### Exploit #################################################################
#
#     1- http://site.com/path/upload.html
#
#         upload your shell 
#
#     2- http://site.com/path/upload/yourshell.php
#
#         get your shell
#
#################################################################################