# CVE-2014-8739 - jQuery File Upload Vulnerability Test Environment
This repository contains testing tools for CVE-2014-8739, which affects jQuery File Upload Plugin 6.4.4 and allows unrestricted file uploads leading to remote code execution.
## Vulnerability Details
- **CVE ID**: CVE-2014-8739
- **Severity**: Critical (CVSS 9.8)
- **Description**: jQuery File Upload Plugin 6.4.4 contains an unrestricted file upload vulnerability caused by lack of validation in `server/php/UploadHandler.php`
- **Impact**: Remote code execution by uploading malicious PHP files
- **CWE**: CWE-434 (Unrestricted Upload of File with Dangerous Type)
## Quick Start - Using Docker Compose
The easiest way to test this vulnerability is to use the provided Docker setup:
```bash
# Build and start the vulnerable environment
docker-compose up -d
# Wait 10 seconds for startup
sleep 10
# Test with Nuclei
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml
```
## Alternative Quick Start - Using Existing Vulnerable Docker Image
You can also use the existing `vulhub` Docker image:
```bash
# Quick start with existing image
docker run -d -p 8080:80 vulhub/jquery-file-upload:6.4.4
# Wait 10 seconds for startup
sleep 10
# Test with Nuclei
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml
```
## Testing the Vulnerability
### Using Nuclei
```bash
# Test against the local vulnerable setup
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml
# Test with verbose output
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml -v
# Test with debug output
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml -debug
```
### Manual Testing
1. Access http://localhost:8080
2. Use the file upload form to upload a PHP file
3. The vulnerable application will accept PHP files without proper validation
4. Uploaded PHP files will be stored in `server/php/files/` directory
5. Access the uploaded PHP file directly to execute arbitrary code
### Example PHP Payload
Create a file named `test.php` with the following content:
```php
<?php
echo "Vulnerable to CVE-2014-8739!";
phpinfo();
?>
```
## Vulnerability Analysis
The vulnerable `UploadHandler.php` file lacks proper file type validation:
1. **Missing File Extension Validation**: No check for dangerous file extensions like `.php`
2. **No MIME Type Validation**: Relies only on filename validation
3. **Unrestricted Upload Directory**: Files are uploaded to a web-accessible directory
4. **Direct File Access**: Uploaded PHP files can be accessed and executed directly
## Security Recommendations
1. **Upgrade**: Use the latest version of jQuery File Upload plugin
2. **File Type Validation**: Implement server-side file type validation
3. **Extension Whitelist**: Only allow safe file extensions
4. **Secure Upload Directory**: Store uploads outside web root or use proper access controls
5. **File Permissions**: Restrict file permissions and use proper ownership
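
Recommendations 2 to 5 can be combined in a single server-side routine. The sketch below is an added example, not code from this repository or from the jQuery File Upload plugin; `store_upload`, `UPLOAD_DIR`, the `ALLOWED` map and the `file` field name are assumptions chosen for illustration.

```php
<?php
// Added example (not blueimp's code). UPLOAD_DIR and ALLOWED are assumed values.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app-data/uploads'; // assumed path outside the web root
const ALLOWED = [                           // extension => MIME type it must sniff as
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

/** Validate one $_FILES entry and store it; returns the server-chosen name. */
function store_upload(array $file): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_string($tmp) || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }

    // Recommendation 3: allowlist on the final extension of the client name.
    $ext = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }

    // Recommendation 2: sniff the content server-side; the client-sent
    // $file['type'] is never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Recommendation 4: the stored name is random, so nothing from the client
    // name (path separators, double extensions) reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store file');
    }

    chmod($dest, 0640); // Recommendation 5: no execute bit, not world-readable
    return $name;
}

// In the endpoint (field name "file" is an assumption):
//   $stored = store_upload($_FILES['file']);
```

Content sniffing alone can be satisfied by a file that is both a valid image and contains script code, so keeping `UPLOAD_DIR` outside the web root is the control that prevents direct execution.
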
## Docker Setup Details
### Using Docker Compose (Recommended)
```bash
# Build and start the vulnerable environment
docker-compose up -d
# The application will be available at http://localhost:8080
# Uploaded files are stored in the ./uploads directory
```
### Using vulhub/jquery-file-upload:6.4.4
```bash
# This is the official vulnerable image for this CVE
docker run -d -p 8080:80 vulhub/jquery-file-upload:6.4.4
# Test immediately
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml
```
## Disclaimer
⚠️ **WARNING**: This setup is intentionally vulnerable and should ONLY be used for:
- Security research and testing
- Educational purposes
- Template validation
- Penetration testing practice
**NEVER deploy this in a production environment or expose it to the internet.**
## Contributing
If you find issues with the testing setup or have improvements for the Nuclei template, please submit a pull request or contact templates@projectdiscovery.io.
## References
- [CVE-2014-8739](https://nvd.nist.gov/vuln/detail/CVE-2014-8739)
- [Exploit-DB Entry](https://www.exploit-db.com/exploits/35057/)
- [jQuery File Upload Plugin](https://github.com/blueimp/jQuery-File-Upload)
- [Vulhub jQuery File Upload](https://github.com/vulhub/vulhub/tree/master/jquery-file-upload)