CVE-2018-9206 PoC — Blueimp jQuery-File-Upload 安全漏洞

Source

https://github.com/cved-sources/cve-2018-9206

Associated Vulnerability

Title:Blueimp jQuery-File-Upload 安全漏洞 (CVE-2018-9206)
Description:Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

Description

cve-2018-9206

Readme

# CVE-2018-9206

This is part of Cved: *a tool to manage vulnerable docker containers.*

Cved: https://github.com/git-rep-src/cved

Image source: https://github.com/cved-sources/cve-2018-9206

Image author: https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9206

File Snapshot


 [4.0K]  /data/pocs/aa541ecb01628de6ece6d7fb9c4ac3485e4b7aa3
├── [4.0K]  build
│   └── [4.0K]  jquery-file-upload-9.0.0
│       ├── [ 12K]  angularjs.html
│       ├── [6.5K]  basic.html
│       ├── [ 10K]  basic-plus.html
│       ├── [1.5K]  blueimp-file-upload.jquery.json
│       ├── [2.0K]  bower.json
│       ├── [2.5K]  CONTRIBUTING.md
│       ├── [4.0K]  cors
│       │   ├── [2.0K]  postmessage.html
│       │   └── [ 537]  result.html
│       ├── [4.0K]  css
│       │   ├── [1.1K]  demo.css
│       │   ├── [ 396]  demo-ie8.css
│       │   ├── [ 655]  jquery.fileupload.css
│       │   ├── [ 431]  jquery.fileupload-noscript.css
│       │   ├── [1.1K]  jquery.fileupload-ui.css
│       │   ├── [ 371]  jquery.fileupload-ui-noscript.css
│       │   └── [ 294]  style.css
│       ├── [4.0K]  img
│       │   ├── [3.8K]  loading.gif
│       │   └── [3.2K]  progressbar.gif
│       ├── [ 13K]  index.html
│       ├── [ 12K]  jquery-ui.html
│       ├── [4.0K]  js
│       │   ├── [3.5K]  app.js
│       │   ├── [4.0K]  cors
│       │   │   ├── [3.9K]  jquery.postmessage-transport.js
│       │   │   └── [3.3K]  jquery.xdr-transport.js
│       │   ├── [ 16K]  jquery.fileupload-angular.js
│       │   ├── [3.3K]  jquery.fileupload-audio.js
│       │   ├── [ 11K]  jquery.fileupload-image.js
│       │   ├── [4.7K]  jquery.fileupload-jquery-ui.js
│       │   ├── [ 58K]  jquery.fileupload.js
│       │   ├── [5.9K]  jquery.fileupload-process.js
│       │   ├── [ 27K]  jquery.fileupload-ui.js
│       │   ├── [3.9K]  jquery.fileupload-validate.js
│       │   ├── [3.3K]  jquery.fileupload-video.js
│       │   ├── [10.0K]  jquery.iframe-transport.js
│       │   ├── [2.5K]  main.js
│       │   └── [4.0K]  vendor
│       │       └── [ 15K]  jquery.ui.widget.js
│       ├── [1.6K]  package.json
│       ├── [7.5K]  README.md
│       ├── [4.0K]  server
│       │   ├── [4.0K]  gae-go
│       │   │   ├── [4.0K]  app
│       │   │   │   └── [6.6K]  main.go
│       │   │   ├── [ 214]  app.yaml
│       │   │   └── [4.0K]  static
│       │   │       ├── [1.1K]  favicon.ico
│       │   │       └── [  24]  robots.txt
│       │   ├── [4.0K]  gae-python
│       │   │   ├── [ 262]  app.yaml
│       │   │   ├── [5.5K]  main.py
│       │   │   └── [4.0K]  static
│       │   │       ├── [1.1K]  favicon.ico
│       │   │       └── [  24]  robots.txt
│       │   ├── [4.0K]  node
│       │   │   ├── [1.1K]  package.json
│       │   │   ├── [4.0K]  public
│       │   │   │   └── [4.0K]  files
│       │   │   ├── [ 11K]  server.js
│       │   │   └── [4.0K]  tmp
│       │   └── [4.0K]  php
│       │       ├── [4.0K]  files
│       │       ├── [ 355]  index.php
│       │       └── [ 50K]  UploadHandler.php
│       └── [4.0K]  test
│           ├── [7.2K]  index.html
│           └── [ 40K]  test.js
├── [1023]  Dockerfile
└── [ 270]  README.md

21 directories, 52 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!