This advisory details a local file include vulnerability in Mobile Drive HD v1.8, where the `filename` parameter in the `upload` module allows attackers to inject malicious filenames via POST requests, leading to unauthorized file inclusion. The writeup includes technical details, PoC logs, and mitigation steps.
Classification
Writeup 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target:Mobile Drive HD v1.8
No auth needed
Prerequisites:Access to the local network or WiFi interface of the target device