Vendor: SWFUpload
Author: Daniel Godoy
CVSS: 7.5 (HIGH)
Vulnerability Type: Arbitrary File Upload
CWE: 434
Product Name: SWFUpload
Affected Version From: SWFUpload v2.5.0 Beta 3
Affected Version To: SWFUpload v2.5.0 Beta 3
Patch Exists: NO
Related CWE: N/A
CPE: swfupload
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2011

SWFUpload v2.5.0 Beta 3 File Arbitrary Upload

A vulnerability in SWFUpload v2.5.0 Beta 3 allows an attacker to upload arbitrary files with a .php extension. This can be exploited to execute arbitrary PHP code by requesting the uploaded file through a web browser.

Mitigation:

Ensure that the application's upload handler only accepts files whose extensions are on an allowlist appropriate to the application, and that the check is applied on the server side rather than only in the client.
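As an added example (not SWFUpload's own code), the following PHP shows the kind of server-side allowlist check the mitigation describes, including rejection of double extensions such as shell.gif.php; the function names, the allowlist and the MIME values in the demo loop are constructed for illustration.

```php
<?php
// Added example, not SWFUpload's code: server-side allowlist validation of the
// kind the mitigation describes. Function names, the allowlist and the MIME
// values in the demo loop are constructed for illustration.
// Extension -> MIME type the file content must actually have.
const ALLOWED_EXTENSIONS = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                            'png' => 'image/png', 'gif' => 'image/gif'];
// Never allowed anywhere in the name: under Apache's AddHandler a name like
// shell.php.gif is still handed to the PHP interpreter.
const BLOCKED_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar'];

// Returns the normalised extension when the client-supplied name and the
// server-detected MIME type are both acceptable, or null to reject.
// In a real handler $detectedMime comes from
// (new finfo(FILEINFO_MIME_TYPE))->file($_FILES[$field]['tmp_name']).
function validate_upload_name(string $clientName, string $detectedMime): ?string
{
    // Drop any directory component a hostile client may have sent.
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null;             // no extension, or a dotfile such as .htaccess
    }
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array($segment, BLOCKED_SEGMENTS, true)) {
            return null;         // catches shell.gif.php and shell.php.gif
        }
    }
    $ext = end($parts);
    if (!isset(ALLOWED_EXTENSIONS[$ext]) || ALLOWED_EXTENSIONS[$ext] !== $detectedMime) {
        return null;             // not on the allowlist, or the bytes disagree
    }
    return $ext;
}

// Server-chosen storage name, so the client never controls the path; write it
// to a directory outside the web root or one with script execution disabled.
function storage_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo inputs; only the first should be accepted.
foreach ([['photo.jpg', 'image/jpeg'], ['c99.php', 'text/x-php'],
          ['shell.gif.php', 'image/gif'], ['evil.php.gif', 'image/gif'],
          ['fake.png', 'text/x-php'], ['.htaccess', 'text/plain']] as [$name, $mime]) {
    $ext = validate_upload_name($name, $mime);
    printf("%-14s -> %s\n", $name, $ext === null ? 'REJECT' : 'store as ' . storage_name($ext));
}
```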
Exploit-DB raw data:

# Exploit Title: SWFUpload v2.5.0 Beta 3 File Arbitrary Upload
# Date: 07/02/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: SWFUpload v2.5.0 Beta 3
# Software Link: http://code.google.com/p/swfupload/
# Demo: http://demo.swfupload.org/v250beta3/simpledemo/

[Comment]
Thanks to my friends: Hernan Jais, Alfonso Cuevas, Lisandro Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota, Xarnuz, Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy, Erick Jordan, Animacco, yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El Rodrix, l0ve, NetT0xic, Gusan0r, Sabertrail, Maxi Soler, Darioxhcx, r0dr1, Zer0-Zo0rg, Relampago

[POC]

http://path/swfupload/index.php

You can upload files with a .php extension.

Example: c99.php, shell.gif.php, etc.