This is a writeup describing a remote file upload vulnerability in Memberkit 1.0, allowing authenticated users to upload arbitrary files (e.g., PHP shells) via the 'My Picture Album' feature. The exploit details the file path structure post-upload but lacks executable code.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Memberkit 1.0
Auth required
Prerequisites:Registered and authenticated user account · Access to the 'My Picture Album' upload feature