CHT BLOG


File Upload Vulnerability



#######################################################
#
# [+] Exploit Title: FileChucker v4.56t-e07 File Upload Vulnerability
# [+] Google Dork: inurl:/cgi-bin/filechucker.cgi OR "intext:File Upload by Encodable" OR inurl:/cgi-bin/filechucker.pl
# [+] Date: 24-09-2015
# [+] Exploit Author: ****
# [+] Discovered By : Black
# [+] Category: webapps
# [+] Software Link: http://encodable.com/filechucker/trial/filechucker.zip
# [+] Vendor Homepage: http://encodable.com/filechucker/
# [+] Version: 4.56t-e07
# [+] Tested on: Windows 7
#
#######################################################
#
# [+] Exploit:
#
# [+] http://localhost/[path]/cgi-bin/filechucker.cgi
# [+] http://localhost/[path]/cgi-bin/filechucker.pl
#
#
#######################################################
#
# [+] Proof:
#
# [+] http://localhost/[path]/cgi-bin/filechucker.cgi
# [1] You must enter the requested information first.
# [2] Click Browse and select a file (.htm, .html, .gif, .jpg, .png, .txt)
# [3] http://localhost/[path]/upload/files/index.htm OR index.html
#
#######################################################
#
# [+] Demo site:
#
# [+] http://encodable.com/filechucker/#demo
# [+] http://encodable.com/uploaddemo/
# [+] http://www.middadmit.org/cgi-bin/filechucker.cgi
# [+] Upload a file
# [+] $title_for_titlebar
#
#######################################################
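
A server-side check for the condition in the proof steps (an uploaded .htm/.html file is stored and then served from /upload/files/), written as an added example that is not part of the original advisory or of FileChucker. The function names, the allow-list policy and the response headers are assumptions chosen for illustration.

```python
import re

# Assumed policy: only images and plain text are needed. .htm/.html, which the
# advisory lists as accepted, are left out because browsers render them.
ALLOWED = {
    "gif": ("image/gif", (b"GIF87a", b"GIF89a")),
    "jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    "txt": ("text/plain; charset=utf-8", ()),
}
# Tags that make a browser treat sniffed content as an HTML document.
HTML_MARKER = re.compile(rb"<\s*(?:!doctype|html|head|body|script|iframe|svg)\b", re.I)


def check_upload(filename, data):
    """Return (accepted, reason) for one uploaded file (name and raw bytes)."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any client path
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension or dotfile"
    # Check every extension: servers that map multiple extensions could still
    # treat a name like index.html.txt as HTML.
    rejected = [p for p in parts[1:] if p not in ALLOWED]
    if rejected:
        return False, "extension not allowed: " + rejected[0]
    magics = ALLOWED[parts[-1]][1]
    if magics and not data.startswith(magics):
        return False, "content does not match extension"
    if not magics and HTML_MARKER.search(data):
        return False, "HTML markup in text upload"
    return True, "ok"


def serving_headers(filename):
    """Headers for returning an accepted upload so it is never rendered as HTML."""
    ext = filename.lower().rsplit(".", 1)[-1]
    return {
        "Content-Type": ALLOWED[ext][0],       # fixed by extension, never guessed
        "X-Content-Type-Options": "nosniff",   # disable browser MIME sniffing
        "Content-Disposition": "attachment",   # download instead of display
        "Content-Security-Policy": "sandbox",  # no scripts if opened anyway
    }
```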