CVE-2008-6932

AlstraSoft SendIt Pro - Unauthenticated Arbitrary File Upload via submit_file.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6932. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit leverages a file upload vulnerability in AlstraSoft SendIt Pro, allowing an attacker to upload a malicious PHP shell disguised as an image file (e.g., shell.php.pjpeg) and achieve remote code execution (RCE). The exploit involves bypassing file type restrictions by manipulating the file extension.

Description

Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/7101

View Code ZIP pw:eip

This exploit leverages a file upload vulnerability in AlstraSoft SendIt Pro, allowing an attacker to upload a malicious PHP shell disguised as an image file (e.g., shell.php.pjpeg) and achieve remote code execution (RCE). The exploit involves bypassing file type restrictions by manipulating the file extension.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AlstraSoft SendIt Pro

No auth needed

Prerequisites: Access to the vulnerable web application · Ability to upload files

MITRE ATT&CK