Key Information Vulnerability Name: Glossword 1.8.8 < 1.8.12 - Arbitrary File Upload (Metasploit) EDB-ID: 36940 CVE: None Author: Metasploit Type: Remote Platform: PHP Date: 2013-02-25 Verification Status: EDB Verified Vulnerability Description This vulnerability allows remote attackers to upload arbitrary files in Glossword versions 1.8.8 to 1.8.12. By exploiting this flaw, attackers can upload malicious files under the identity of an authenticated user. Exploitation Method Authentication: Requires authentication Target: Automated target selection Default Port: 80 Code Snippets Login: Authenticate using the method File Upload: Upload files using the method Execute Command: Execute PHP code using the method Additional Information Tags: Metasploit Framework (MSF) Related Links: - Glossword Exploits - Google Hacking - Paper: Researching Manual WebApp Bugs - Statistics: Exploit Breakdown