This exploit demonstrates a remote file upload vulnerability in CuteNews 2.0.3, allowing an attacker to upload a malicious PHP file by manipulating the file extension during the avatar upload process. The exploit requires user authentication and leverages a lack of proper file extension validation.
Classification: Working PoC 90%
Target: CuteNews 2.0.3 · Auth required
Prerequisites: User registration · Authentication credentials · Tampering with HTTP requests (e.g., using Tamper Data)
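
A server-side check that closes the gap described above, as an added example that is not CuteNews code and not part of the original entry: the stored extension is derived from the detected image type, and the stored file name is generated by the server. The function names, the allowlist and the size limit are assumptions.

```php
<?php
// Added example, not CuteNews code. Function names, allowlist and size limit are assumptions.
const AVATAR_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
const AVATAR_MAX_BYTES = 512 * 1024;

// Returns the extension to store the upload under, or null to reject it.
function avatar_extension(string $clientName, string $tmpPath): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > AVATAR_MAX_BYTES) {
        return null;
    }
    // Decide the type from the file's content, not from anything the client sent.
    $info = @getimagesize($tmpPath);
    if ($info === false || !array_key_exists($info[2], AVATAR_TYPES)) {
        return null;
    }
    $ext = AVATAR_TYPES[$info[2]];
    // A claimed extension that disagrees with the content (e.g. ".php") is rejected.
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return ($claimed === $ext || ($claimed === 'jpeg' && $ext === 'jpg')) ? $ext : null;
}

// Validates one $_FILES entry and stores it under a server-generated name.
function store_avatar(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = avatar_extension($file['name'], $file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // The client file name never reaches the filesystem path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

// Demo on a constructed 1x1 GIF, checked once under a .gif name and once under a .php name.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'ava');
    file_put_contents($tmp, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
    var_dump(avatar_extension('avatar.gif', $tmp));
    var_dump(avatar_extension('avatar.php', $tmp));
    unlink($tmp);
}
```

Serving the upload directory with PHP execution disabled is a complementary control, since a valid image can still carry embedded script text.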