vendor:
The Uploader 2.0
by:
Master Mind
7.5
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: The Uploader 2.0
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A
The Uploader 2.0
The Uploader 2.0 is a php script which allows an attacker to upload a malicious file to the server. The attacker can upload a shell file (Shell.php) or any other extension to the server and access it via the URL http://server/script path/sdgsd/Shell.php
Mitigation:
The application should validate the file type before allowing it to be uploaded. The application should also restrict the file types that can be uploaded.