This is a writeup describing an unauthenticated file upload vulnerability in PicMe v2.1.0, allowing attackers to upload shells via the upload.php endpoint after registering and activating an account.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:PicMe v2.1.0
Auth required
Prerequisites:Access to the registration page (join.php) · Valid email to receive activation link · Access to the upload.php endpoint after activation