Max File Upload File Extension Arbitrary File Upload Vulnerability
BID:30515
Info
Max File Upload File Extension Arbitrary File Upload Vulnerability
| Bugtraq ID: | 30515 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2008 12:00AM |
| Updated: | Aug 04 2008 04:57PM |
| Credit: | [email protected] |
| Vulnerable: |
Anyscripte Max File Upload 0 |
| Not Vulnerable: | |
Discussion
Max File Upload File Extension Arbitrary File Upload Vulnerability
Max File Upload is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.
Max File Upload is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.
Exploit / POC
Max File Upload File Extension Arbitrary File Upload Vulnerability
Attackers may exploit this issue through a browser.
Attackers may exploit this issue through a browser.
Solution / Fix
Max File Upload File Extension Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Max File Upload File Extension Arbitrary File Upload Vulnerability
References:
References:
- File upload exploit ([email protected])
- Max File Upload Homepage (Anyscripte)