Simple File Uploader Explorer and Manager v1 unrestricted file upload Vulnerability
====================================================================================================================================
| # Title : Simple File Uploader Explorer and Manager v1 unrestricted file upload Vulnerability |
| # Author : indoushka |
| # email : indoushka4ever@gmail.com |
| # Tested on : windows 10 Français V.(Pro) |
| # Version : v1 |
| # Vendor : https://codecanyon.net/item/simple-file-uploader-explorer-and-manager-php-based-secured-file-manager/18393053 |
| # Dork : http://nelliwinne.net/ |
====================================================================================================================================
poc :
Simple File Uploader and Explorer is a simple PHP script to upload files and manage them.
The drag-and-drop file uploader is the main feature of this script.
It allows you to upload multiple files quickly and easily.
All files are stored in a writable folder (fileFolder).
Once the files are uploaded, they can be viewed in the Download Files section.
You can also search files, view thumbnails and download files.
[+] Search for the script in Google or another search engine.
[+] Go to the upload section: /uploader_page.php
[+] Choose your file (Ev!l.php) and click "start upload".
[+] Go to the file manager: filemanager_page.php
Your evil.php is listed there, but when you click to view it you only get a download link:
http://demos.nelliwinne.net/SimpleFileUploaderExplorer/download.php?id=ZmlsZUZvbGRlci94LnBocA==
As we can see, the end of the link is Base64-encoded ( ZmlsZUZvbGRlci94LnBocA== ).
Decoding it (Base64 is an encoding, not encryption) gives the real location of the file: fileFolder/x.php
The uploaded file is therefore directly reachable at:
http://demos.nelliwinne.net/SimpleFileUploaderExplorer/fileFolder/x.php
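Added example (not part of the original advisory and not the vendor's code): a hardened PHP counterpart to the upload and download flow described above, using an extension allowlist, storage outside the web root under a random name, and an opaque download id in place of a Base64-encoded path. STORE_DIR, ALLOWED, store_upload() and send_download() are hypothetical names.

```php
<?php
// Added example, not the vendor's code. STORE_DIR, ALLOWED, store_upload() and
// send_download() are hypothetical names chosen for illustration.
const STORE_DIR = '/var/app-data/uploads';  // assumption: outside the web root
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'pdf' => 'application/pdf'];

// Accept one $_FILES entry; return an opaque id instead of a path.
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Allowlist on the extension: .php, .phtml, .htaccess etc. never match.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $expected = ALLOWED[$ext] ?? null;
    // The sniffed content type must agree with the claimed extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($expected === null || $mime !== $expected) {
        throw new RuntimeException('file type not allowed');
    }
    // Random name without extension: nothing user-controlled reaches the path.
    $id = bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $id)) {
        throw new RuntimeException('could not store file');
    }
    $meta = ['name' => basename($file['name']), 'mime' => $mime];
    file_put_contents(STORE_DIR . "/$id.json", json_encode($meta));
    return $id;
}

// download.php?id=<opaque id>: the id maps to a file but does not encode its location.
function send_download(string $id): void
{
    $path = STORE_DIR . '/' . $id;
    $meta = preg_match('/\A[0-9a-f]{32}\z/', $id) && is_file("$path.json")
        ? json_decode(file_get_contents("$path.json"), true) : null;
    if (!is_array($meta) || !is_file($path)) {
        http_response_code(404);
        return;
    }
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $meta['name']);
    header('Content-Type: ' . $meta['mime']);
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);   // served as data; the PHP interpreter never sees the file
}
```

The content-type check alone does not stop a crafted file that passes sniffing; what prevents execution is that stored files have no extension and live where the web server does not map URLs.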
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================

Thank you