CVE-2008-6822

New Earth Programming Team imgupload 1.0 - Unauthenticated Arbitrary File Upload via uploadp.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6822. PoCs published by Dentrasi.

AI-analyzed exploit summary This is a writeup describing a vulnerability in NEPT Image Uploader 1.0 that allows arbitrary file upload by tampering with the Content-Type header. The attacker can upload a PHP script by changing the Content-Type to 'image/jpeg' to bypass server-side validation.

Description

Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Dentrasi · textwebappsphp

https://www.exploit-db.com/exploits/6830

View Code ZIP pw:eip

This is a writeup describing a vulnerability in NEPT Image Uploader 1.0 that allows arbitrary file upload by tampering with the Content-Type header. The attacker can upload a PHP script by changing the Content-Type to 'image/jpeg' to bypass server-side validation.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NEPT Image Uploader 1.0

No auth needed

Prerequisites: Access to the upload functionality · Ability to intercept and modify HTTP requests

MITRE ATT&CK