Easy File Uploader - Arbitrary File Upload

EDB-ID:

41944

CVE:

N/A




Platform:

PHP

Date:

2017-04-27


# Exploit Title: Easy File Uploader  - Arbitrary File Upload
# Date: 27/04/2017
# Exploit Author: Daniel Godoy
# Vendor Homepage: https://codecanyon.net/
# Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287
# Tested on: GNU/Linux
# GREETZ: Rodrigo Mouriño, Rodrigo Avila, #RemoteExecution Team


POC

Drop file php (shell.php) to upload.
access to http://poc_site/fileFolder/shell.php and enjoy!