This exploit demonstrates an arbitrary file upload vulnerability in Torrent Hoster, allowing an attacker to upload a malicious file (e.g., a web shell) by tampering with the upload request. It also includes an XSS payload for additional exploitation.
Classification
Working Poc 80%
Target:
Torrent Hoster (version unspecified)
No auth needed
Prerequisites:
Access to the Torrent Hoster upload page · Ability to intercept/modify HTTP requests (e.g., via Tamper Data)