TinyBrowser Remote File upload Vulnerability

vendor:

TinyBrowser

by:

Ra3cH

7,5

CVSS

HIGH

Remote File upload

Not available

CWE

Product Name: TinyBrowser

Affected Version From: Not available

Affected Version To: Not available

Patch Exists: Not available

Related CWE: Not available

CPE: Not available

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Not available

Not available

TinyBrowser Remote File upload Vulnerability

The vulnerability allows an attacker to upload malicious files to the vulnerable server. The attacker can access the vulnerable URL http://[PATH]/tinybrowser/upload.php?type= and upload malicious files to the server.

Mitigation:

Restrict access to the vulnerable URL and ensure that only authorized users can access it.

Source

Exploit-DB raw data:

************************************************************
** 	 TinyBrowser Remote File upload Vulnerability
************************************************************
**  Prodcut:		TinyBrowser   
**  Home   : 		www.dz4all.com/cc
**  Vunlerability :		Remote File upload
**  Risk  :		High
**  Dork : 		inurl:"tinybrowser.php?"
************************************************************
** Discovred by:	Ra3cH
** From	       :	Algeria
** Contact     : 	e51@hotmail.fr
** *********************************************************
************************************************************
**  Exploit:
**  http://[PATH]/tinybrowser/upload.php?type=
**   
**  
************************************************************
**  Exemple:
**  http://[site]/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/upload.php?type=
**
**
**
************************************************************ 
**  ** Greetz to :     ALLAH
**         All Members of  http://www.DZ4All.cOm/Cc
**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n & 
***********************************************************