CVE-2011-2745

Chyrp < 2.0 - Authenticated Arbitrary PHP File Upload via swfupload Extension

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2745. PoCs published by Wireghoul.

AI-analyzed exploit summary: This exploit demonstrates a file upload vulnerability in Chyrp 2.1 by modifying the file_types parameter in the SWFUpload configuration to allow PHP file uploads, enabling arbitrary code execution. The PoC shows how an attacker can bypass client-side restrictions to upload malicious files.

Description

upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.

Exploits (1)

exploit-db · Working PoC · Verified
by Wireghoul · text · webapps · php
https://www.exploit-db.com/exploits/35947

Classification
Working PoC: 90%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Chyrp 2.1
Auth required: yes
Prerequisites: Authenticated session · Access to the admin panel · Intercepting proxy to modify requests
Analyzed by devstral-2 on Feb 16, 2026

References (5)

Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/48672
Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/8314
Exploit (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/07/13/6
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/07/13/5

Scores

EPSS 0.0203
EPSS Percentile 78.5%

Details

CWE: CWE-264
Status: published
Products (1): chyrp/chyrp < 2.0
Published: Jul 27, 2011
Tracked since: Feb 18, 2026