Easy File Uploader Remote Shell Upload

Easy File Uploader suffers from a remote shell upload vulnerability.


MD5 | 8ac3610167d2a6610763fae78f9e7f29

# Exploit Title: Easy File Uploader  - Arbitrary File Upload
# Date: 27/04/2017
# Exploit Author: Daniel Godoy
# Vendor Homepage: https://codecanyon.net/
# Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287
# Tested on: GNU/Linux
# GREETZ: Rodrigo MouriA+-o, Rodrigo Avila, #RemoteExecution Team


POC

Drop file php (shell.php) to upload.
access to http://poc_site/fileFolder/shell.php and enjoy!


Related Posts