This exploit demonstrates an arbitrary file upload vulnerability in MPS Box 0.1.8.0, allowing an attacker to upload a malicious PHP file via the device_add.php endpoint. The PoC includes steps for authentication bypass via SQL injection and file upload to achieve remote code execution.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:MPS Box 0.1.8.0
No auth needed
Prerequisites:Network access to the target application · MPS Box 0.1.8.0 installed and running