header-logo
Suggest Exploit
vendor:
Ultimate Uploader
by:
Master Mind
9.3
CVSS
HIGH
Remote File Upload Vulnerability
434
CWE
Product Name: Ultimate Uploader
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: element-it.com
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

Ultimate Uploader 1.3

Ultimate Uploader 1.3 is vulnerable to a remote file upload vulnerability. An attacker can upload a malicious file to the server by accessing the upload page of the script. The malicious file can be uploaded with any extension and can be accessed from the upload folder. This can be used to gain remote code execution on the server.

Mitigation:

Disable file uploads or restrict the types of files that can be uploaded. Implement a whitelist of allowed file types and validate the file type before accepting the upload.
Source

Exploit-DB raw data:

==========================================================================

~ Script Name : Ultimate Uploader 1.3
~ Language : php
~ Vendor : http://www.element-it.com
~ Author : Master Mind
~ Home : www.shdowskill.com , www.vbspiders.com

============================================================

Dork : Sorry , I can't do everything for you :(

How To Use : 
http://server/script path/

upload your shell  : Shell.php (Or any extension you want)

Shell Path
http://server/script path/upload/Shell.php

:)

#############################################################################
#  Master Mind sends Greets To :                                                                                                  #
# The Electronic Bomb , Twi[L]ight , R3D EYE , Doom[PS] , Mr.BoOoO , AND ALL MEMBERS :) #
#                                                                                                                                                     #
############################################################################