26 lines
No EOL
920 B
Text
26 lines
No EOL
920 B
Text
# Exploit Title: Ajax Upload Arbitrary File Upload
|
|
# Date: 30/01/2012
|
|
# Author: Daniel Godoy
|
|
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
|
|
# Author Web: www.delincuentedigital.com.ar
|
|
# Software: Ajax Upload
|
|
# http://valums.com/ajax-upload/
|
|
# Tested on: Linux
|
|
|
|
[Comment]
|
|
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
|
|
Lezaeta, Inyexion, Login-Root, KikoArg, Ricota, Truenex, _tty0, Big,
|
|
Sunplace,Erick Jordan,Animacco ,yojota, Pablin77, SPEED, Knet,
|
|
Cereal, Yago, Rash, MagnoBalt, El Rodrix,NetT0xic,Gusan0r,Lucas Apa,
|
|
Maxi Soler, Darioxchx,r0dr1,Zer0-Zo0rg
|
|
|
|
|
|
[Arbitrary File Upload]
|
|
|
|
You can upload any file you want by bypasss extesion wing headers, if
|
|
you use mozilla firefox live http headers can be used for modification
|
|
of the same.
|
|
or naming the file but also for example as shell.php.php.php.jpg.zip
|
|
|
|
-------------------------
|
|
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com |