This is a writeup describing an arbitrary file upload vulnerability in Transloader 1.0, allowing attackers to upload malicious files (e.g., PHP shells) via the 'Transloader' web interface. The exploit involves submitting a form with a remote shell link and a target filename, resulting in the shell being uploaded to the '/transloaded/' directory.
Classification
Writeup 90%
Target:
Transloader 1.0
No auth needed
Prerequisites:
Access to the Transloader web interface · A remotely hosted shell file