This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.
4e68353612f3c0f049691f3af33362bfThis document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
f480e11bbb87f0689d864f58c065154dQNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.
e0f4de64c7524a918a49796c1ab9986eSchlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.
f2f6e3d92179511f87fa66f851387309Subrion CMS version 4.2.1 file upload bypass exploit that uploads a shell.
e874feae0d57f116b1f5a86b2f618f2bWordPress WP Super Edit plugin version 2.5.4 suffers from an arbitrary file upload vulnerability.
40b02ffb098a5c31c187c21257fe02c9GNU wget versions prior to 1.1.8 arbitrary file upload and code execution exploit.
b58323ee91fc57fe6f500e0a6fef2cb9Montiorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.
f585a3504139898906468d253c6f7c04Monospace Directus Headless CMS versions prior to 8.8.2 suffers from .htaccess rule bypass and arbitrary file upload vulnerabilities.
a539b17d7f2faaebf90a4f897e76ae67Atlassian Jira Service Desk version 4.9.1 suffers from a cross site scripting vulnerability via a file upload.
840e289057a75abee3ebef734b12ec0aThis Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.
e0599a186c02f74ac877f0ee7bf396adWhitepaper that discusses XXE exploitation via file uploads.
6297f76616d0df90e80a81841b4d2d54Dolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.
fe74304105aaecf46ea3be88063bb592This Metasploit module exploits an unauthenticated log file upload within the log_upload_wsgi.py file of VMWare View Planner 4.6 prior to 4.6 Security Patch 1. Successful exploitation will result in remote code execution as the apache user inside the appacheServer Docker container.
fdf94c86e405a2eb33104f6978f68b72This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested on version less than 6.4.1 in Windows 10 Enterprise.
0593a294d2d56ed9398dbcfc8185421aThis Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.
db7174f0c4fc0e0b2ac2dea0a4523ebfThis Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.
986492d22038a772f87e46c47ea24f02VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.
8dcbcd4aa0bd7cc8803e9bfffc6bc6cdTestLink version 1.9.20 suffers from a remote shell upload vulnerability.
ae7a82dc9cd277f7eda03cb9961266caDiscord Probot suffers from an arbitrary file upload vulnerability.
fd81cb48fbf83ef8a47b35f2ebe27490E-Learning System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and also suffers from remote code execution via file upload functionality.
bd3d65870be0207ac9da305059435137EyesOfNetwork version 5.3 suffers from a remote code execution vulnerability that leverages file upload. Original discovery of remote code execution in this version is attributed to Clement Billac in February of 2020.
080019485e2ef8b6d7f66a5cd8adfc99This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
77c5903183e5519dfd6d1477ae0018a4Incom CMS version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
e37477593ca5df2723fa00d2390b8cfaRock RMS suffers from arbitrary file upload, account takeover, and personal information disclosure vulnerabilities. Various versions are affected.
496349ae2fd93f703a324dcbbd378676
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed