/web/assets/swf/uploadify.php Line 26:
Determine whether $_FILES is empty -> get the document root directory + folder + name -> upload the file. The file type is not restricted.
```php
if (!empty($_FILES)) {
    $tempFile = $_FILES['Filedata']['tmp_name'];
    // Destination directory is built from the request's "folder" parameter.
    $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';
    // Destination file name is the client-supplied name, unchanged.
    $targetFile = str_replace('//','/',$targetPath) . $_FILES['Filedata']['name'];

    // The extension check below is commented out in the shipped file.
    // $fileTypes = str_replace('*.','',$_REQUEST['fileext']);
    // $fileTypes = str_replace(';','|',$fileTypes);
    // $typesArray = split('\|',$fileTypes);
    // $fileParts = pathinfo($_FILES['Filedata']['name']);

    // if (in_array($fileParts['extension'],$typesArray)) {
    // Uncomment the following line if you want to make the directory if it doesn't exist
    // mkdir(str_replace('//','/',$targetPath), 0755, true);

    move_uploaded_file($tempFile,$targetFile);
    echo $targetFile;
}
```
Vulnerability: Cobub Razor file upload
POC:
Construct an upload POST:
Upload success:
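A hardened counterpart to the handler quoted in the report, as an added example that is not part of the original issue or the Cobub Razor code base. It ignores the request's `folder` parameter, allowlists the extension, checks the content type from the file's bytes and stores the file under a random name outside the document root; `UPLOAD_DIR`, `ALLOWED` and `pick_target` are hypothetical names, and the `fileinfo` extension is assumed to be loaded.

```php
<?php
// Added example, not project code. UPLOAD_DIR and ALLOWED are assumptions.
const UPLOAD_DIR = '/var/lib/razor-uploads';   // assumed path outside DOCUMENT_ROOT
const ALLOWED = [                               // extension => expected MIME type
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'gif' => 'image/gif',
];

/**
 * Returns a server-chosen destination path, or null if the upload is rejected.
 */
function pick_target(string $clientName, string $tmpFile): ?string
{
    // Only the final extension of the client-supplied name is consulted.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // Derive the content type from the bytes, not from the client's header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpFile);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // Random name: nothing from the request reaches the directory or base name.
    return UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Request handling runs only under a web SAPI.
if (PHP_SAPI !== 'cli' && !empty($_FILES['Filedata'])) {
    $file = $_FILES['Filedata'];
    $target = null;
    // A multi-file field makes 'error' an array, which fails this comparison.
    if ($file['error'] === UPLOAD_ERR_OK && is_uploaded_file($file['tmp_name'])) {
        $target = pick_target($file['name'], $file['tmp_name']);
    }
    if ($target === null || !move_uploaded_file($file['tmp_name'], $target)) {
        http_response_code(400);
        exit('Invalid upload.');
    }
    // Return an opaque identifier instead of the filesystem path.
    echo basename($target);
}
```

Keeping the storage directory outside the document root means a file that passes both checks is still never reachable as a script by URL.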