CVE-2012-10049

This exploit demonstrates multiple vulnerabilities in WebPagetest <= 2.6, including local file disclosure (LFD) and arbitrary file upload (AFU) via directory traversal and insecure file handling. The PoC provides clear examples of how to exploit these flaws to read sensitive files or upload malicious files.

This Metasploit module exploits a file upload vulnerability in WebPageTest (CVE-2012-10049) by uploading a malicious PHP file to the server, leading to remote code execution. The exploit leverages the lack of file type verification in the resultimage.php endpoint.

This Metasploit module exploits an arbitrary PHP file upload vulnerability in WebPageTest v2.6 or older. It uploads a malicious PHP file via the resultimage.php endpoint and executes it to achieve remote code execution.