CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/unix/webapp/jquery_file_upload.md
Views: 1904
Introduction
This module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions <= 9.22.0.
Due to a default configuration in Apache 2.3.9+, the widget's .htaccess
file may be disabled, enabling exploitation of this vulnerability.
This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess
change in Apache 2.3.9.
This module provides a generic exploit against the jQuery widget.
Setup
Targets
Options
TARGETURI
Set this to the base path of jQuery File Upload. /jQuery-File-Upload
and those including a version are common. /upload
may be another. You may want to use another tool like dirb
to handle enumeration.