Monday, June 6, 2016

vote.api.php File upload request

I saw this HTTP POST request:

POST / HTTP/1.1
Host: www.mysite.com
Content-Type: multipart/form-data; boundary=----------------5UQqAg13N91D45i2
DNT: 1
Cache-Control: no-cache
Pragma: no-cache
submit=Upload Image
Name=cache.php
F1l3=vote.api.php


Figured it's likely some CMS file upload vulnerability somebody is trying to exploit. Just by Googling I wonder if it's related to the Drupal Voting API, but I cannot be certain. Whatever it is, it appears that if you POST to the URL and pass in the file you want to upload as a POST parameter, the file will get uploaded to the server ... thus an attacker would dump a web shell up there.
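To spot this kind of probe in captured traffic, here is a small detection sketch (an added example, not code from the original post). It assumes the sensor logs form fields as key=value lines like the capture above; the extension list, the field-name watchlist and the function names are assumptions of this example.

```python
import re

HEADER = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")
# Extensions a PHP-capable server may execute (assumed list for this example).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Undo digit-for-letter swaps in field names, e.g. "F1l3" -> "file".
LEET = str.maketrans("013457", "oieast")
UPLOAD_WORDS = ("file", "upload", "filename")  # assumed watchlist

# Sample rebuilt from the request shown in the post (boundary shortened, constructed).
SAMPLE = """POST / HTTP/1.1
Host: www.mysite.com
Content-Type: multipart/form-data; boundary=----EXAMPLE
submit=Upload Image
Name=cache.php
F1l3=vote.api.php
"""

def parse_capture(raw):
    """Split a logged request into method, path, headers and form fields."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    method, path = lines[0].split()[:2]
    headers, params = {}, {}
    for ln in lines[1:]:
        m = HEADER.match(ln)
        if m:                      # "Name: value" is a header
            headers[m.group(1).lower()] = m.group(2)
        elif "=" in ln:            # "key=value" is a form field
            key, value = ln.split("=", 1)
            params[key] = value
    return method, path, headers, params

def findings(raw):
    """Return the indicators seen in one multipart POST (empty list if none)."""
    method, _path, headers, params = parse_capture(raw)
    ctype = headers.get("content-type", "").lower()
    if method != "POST" or not ctype.startswith("multipart/form-data"):
        return []
    out = []
    for key, value in params.items():
        if EXEC_EXT.search(value.strip()):
            out.append(f"executable-filename:{key}={value}")
        plain = key.lower().translate(LEET)
        if plain != key.lower() and plain in UPLOAD_WORDS:
            out.append(f"obfuscated-field:{key}->{plain}")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE))
```
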

More about neonprimetime


Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
