2021-06-05 16:34:09 +00:00
id : exposed-jquery-file-upload
info :
2023-03-10 20:24:54 +00:00
name : BlueImp jQuery-File-Upload - Arbitrary File Upload
2021-06-05 16:34:09 +00:00
author : dhiyaneshDk
2023-03-10 18:44:33 +00:00
severity : critical
description : BlueImp jQuery-File-Upload does not require validation to upload files to the server and does not exclude file types, which can lead to a remote code execution vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://www.exploit-db.com/exploits/45584
2023-03-10 20:00:55 +00:00
- https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php
2023-03-10 18:44:33 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
cwe-id : CWE-434
2022-08-27 04:41:18 +00:00
tags : exposure,jquery,edb
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2021-06-05 16:34:09 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-06-05 16:34:09 +00:00
- method : GET
path :
- "{{BaseURL}}/jquery-file-upload/server/php/"
2021-06-06 12:25:05 +00:00
matchers-condition : and
2021-06-05 16:34:09 +00:00
matchers :
- type : regex
regex :
- '^{\"files\":'
part : body
2021-06-06 12:25:05 +00:00
- type : word
words :
- "text/plain"
part : header
2023-03-08 22:15:05 +00:00
2023-03-10 18:44:33 +00:00
# Enhanced by cs on 2023/03/10