BigDump 0.35b – Arbitrary File Upload - 体验盒子

作者： felipe andrian

日期： 2014-03-24

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/32479/

[+] Arbitrary Upload on BigDump v0.35b
[+] Date: 23/03/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.ozerov.de/bigdump/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: bigdump.php
[+] Version: v0.35b
[+] Exploit : http://host/bigdump.php?start= 
[+] PoC: http://SERVER/bigdump.php?start=

Note: allows upload files and shells with tamperdate.