PoC for CVE-2018-9206
Based on the following:
usage: BlueimpScan.py [-h] [-p PREFIX] [-u USER_AGENT] host CVE-2018-9206 PoC, initial release by Den1al, enhanced by NopSec positional arguments: host the host to check, host:port, or CIDR range optional arguments: -h, --help show this help message and exit -p PREFIX, --prefix PREFIX The prefix for the path -u USER_AGENT, --user-agent USER_AGENT The user agent to send the requests with
pip3 install -r requirements.txt
Useful stuff to know
The path prefix is set to "jQuery-File-Upload-9.22.0", this may not reflect the default path of the vulnerable files on your server(s). If the default setting fails I'd recommend trying "jQuery-File-Upload".
There is no output for hosts that are not vulnerable.