header-logo
Suggest Exploit
vendor:
YUI Images Script
by:
Mr.P3rfekT
N/A
CVSS
N/A
Shell Upload
N/A
CWE
Product Name: YUI Images Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
N/A

YUI Images Script Shell Upload Vulnerability

YUI Images Script is vulnerable to shell upload. An attacker can upload a malicious file with a .php.giff extension to the server. The malicious file can be accessed at http://127.0.0.1/YUI-upload/html/files/

Mitigation:

The application should be configured to only allow the upload of files with the appropriate extensions and should also be configured to reject files with multiple extensions.
Source

Exploit-DB raw data:

# Title: YUI Images Script Shell Upload Vulnerability
# Version: 1.0
# Author: Mr.P3rfekT
# Software Link: http://momche.net/res/YUI-upload/html/momche-yui-upload.zip
# Tested on Lunix
# CVE : N/A

############### Founded By Mr.P3rfekT ###############

Helllo Allz


# Exploit :

http://127.0.0.1/YUI-upload/html (Upload shell .php.giff)
Go To
http://127.0.0.1/YUI-upload/html/files/ (Your Shell.php.giff)

Done


####################################################################

MaiL :R4p@hotmail.com

Greeetz To : Dr.Pro,HcJ,Nani17,SyrianGhost,www.v4-team.com,www.m66x.com


###############################################

Navigation

Suggest Exploit

Services By CQR