SWFupload 2.5.0 Beta 3 – Arbitrary File Upload

• Exploit Database
• 14 阅读

• 作者： Daniel Godoy
  日期： 2011-02-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16131/

• # Exploit Title: SWFUpload v2.5.0 Beta 3 File Arbitrary Upload
  # Date: 07/02/2011
  # Author: Daniel Godoy
  # Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
  # Author Web: www.delincuentedigital.com.ar
  # Software: SWFUpload v2.5.0 Beta 3
  # Software Link: http://code.google.com/p/swfupload/
  # Demo: http://demo.swfupload.org/v250beta3/simpledemo/
  
  [Comment]
  Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
  Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota,
  Xarnuz, Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy,Erick
  Jordan,Animacco ,
  yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El
  Rodrix, l0ve, NetT0xic,
  Gusan0r, Sabertrail, Maxi Soler, Darioxhcx,r0dr1,Zer0-Zo0rg,Relampago
  
  [POC]
  
  http://path/swfupload/index.php
  
  you can upload files with php extension.
  
  Example: c99.php, shell.gif.php, etc...