CVE-2018-9206

This Metasploit module exploits an arbitrary file upload vulnerability in blueimp's jQuery File Upload widget (versions <= 9.22.0) by uploading a malicious PHP payload to a vulnerable endpoint and executing it. The exploit leverages a misconfiguration in Apache 2.3.9+ where .htaccess restrictions may be disabled.

This exploit demonstrates an arbitrary file upload vulnerability in jQuery-File-Upload 9.22.0, allowing remote code execution by uploading a malicious PHP file. The script automates detection of vulnerable paths and uploads a test payload to verify exploitation.

This exploit targets CVE-2018-9206 in Blueimp's jQuery File Upload <= 9.22.0, allowing arbitrary file upload to achieve remote code execution (RCE) via a malicious PHP shell. The PoC sends a crafted multipart/form-data POST request to upload a shell.php file, which can then be triggered via a GET request.

This repository contains a weaponized exploit for CVE-2018-9206, targeting a file upload vulnerability in jQuery File Upload. The exploit allows for the upload of a malicious shell to a vulnerable server, with support for both single and multiple targets, as well as Tor proxy functionality.

This PoC exploits CVE-2018-9206, a file upload vulnerability in jQuery File Upload, to achieve remote code execution (RCE) by uploading a malicious PHP shell. The script tests multiple paths, uploads a shell, and verifies execution by running a command.

This repository contains a functional exploit for CVE-2018-9206, targeting Imperva firewall bypass via file upload. The PoC uses Node.js to upload a file with a crafted filename to bypass security restrictions.

This repository provides a Dockerized environment to demonstrate CVE-2018-9206, an unrestricted file upload vulnerability in Blueimp jQuery-File-Upload <= 9.22.0. The PoC includes a script to upload and execute a PHP file, confirming remote code execution (RCE).

This script monitors live network traffic for HTTP 404 responses, which it flags as potential CVE-2018-9206 attacks, and sends an email alert. It does not exploit the vulnerability but acts as a detection mechanism.

This PoC exploits CVE-2018-9206, an arbitrary file upload vulnerability in the jQuery File Upload plugin. It uploads a PHP file containing `phpinfo()` to demonstrate the vulnerability.

This repository contains documentation and source code for CVE-2018-9206, which is related to a vulnerability in jQuery File Upload Plugin. The provided files include READMEs and JavaScript files but no actual exploit code or proof-of-concept.

This Metasploit module exploits an arbitrary file upload vulnerability in blueimp's jQuery File Upload widget (versions <= 9.22.0) by uploading a malicious PHP payload to a vulnerable endpoint and executing it. It leverages misconfigured Apache settings (AllowOverride None) to bypass .htaccess restrictions.