CVE-2018-9208 PoC — jQuery Picture Cut Input Validation Vulnerability

Source
Associated Vulnerability
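Title: jQuery Picture Cut Input Validation Vulnerability (CVE-2018-9208)
Description: jQuery Picture Cut is a jQuery plugin for processing images. It provides image upload and image cropping features. The /src/php/upload.php file in jQuery Picture Cut 1.1Beta and earlier versions has an arbitrary file upload vulnerability, which stems from the program not checking the file type. An attacker can exploit this vulnerability to upload arbitrary executable PHP files to the server and execute arbitrary code.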
Description
cve-2018-9208
Readme
# CVE-2018-9208

This is part of Cved: *a tool to manage vulnerable docker containers.*

Cved: https://github.com/git-rep-src/cved

Image source: https://github.com/cved-sources/cve-2018-9208

Image author: https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9208
File Snapshot

[4.0K] /data/pocs/5fb2f3ff9482044d010eef466f9612576a603448
├── [4.0K] build
│   └── [4.0K] jquery-picture-cut-1.1
│       ├── [ 466] README.md
│       └── [4.0K] src
│           ├── [4.0K] img
│           │   ├── [6.7K] ajaxloader.gif
│           │   ├── [ 463] fundo_crop.png
│           │   ├── [ 210] icon_add_image2.gif
│           │   ├── [2.4K] icon_add_image2.png
│           │   ├── [2.0K] icon_add_image.png
│           │   └── [1.5K] interrogacao.png
│           ├── [ 37K] jquery.picture.cut.js
│           ├── [4.0K] php
│           │   ├── [4.0K] core
│           │   │   ├── [8.4K] PictureCut.php
│           │   │   └── [ 24K] TVimageManipulation.php
│           │   ├── [ 310] crop.php
│           │   └── [ 268] upload.php
│           └── [4.0K] windows
│               ├── [4.0K] core
│               │   └── [5.4K] window.pc.js
│               ├── [4.0K] JanelaBootstrap
│               │   ├── [4.0K] images
│               │   │   ├── [ 180] ui-bg_flat_0_aaaaaa_40x100.png
│               │   │   ├── [ 120] ui-bg_glass_55_fbf9ee_1x400.png
│               │   │   ├── [ 105] ui-bg_glass_65_ffffff_1x400.png
│               │   │   ├── [ 111] ui-bg_glass_75_dadada_1x400.png
│               │   │   ├── [ 110] ui-bg_glass_75_e6e6e6_1x400.png
│               │   │   ├── [ 107] ui-bg_glass_75_ffffff_1x400.png
│               │   │   ├── [ 101] ui-bg_highlight-soft_75_cccccc_1x100.png
│               │   │   ├── [ 123] ui-bg_inset-soft_95_fef1ec_1x100.png
│               │   │   ├── [4.3K] ui-icons_222222_256x240.png
│               │   │   ├── [4.3K] ui-icons_2e83ff_256x240.png
│               │   │   ├── [4.3K] ui-icons_454545_256x240.png
│               │   │   ├── [4.3K] ui-icons_888888_256x240.png
│               │   │   ├── [4.3K] ui-icons_cd0a0a_256x240.png
│               │   │   └── [8.7K] ui-icons_f6cf3b_256x240.png
│               │   └── [ 45K] jquery-ui-1.10.0.custom.css
│               ├── [1.0K] window.bootstrap.php
│               ├── [ 855] window.jqueryui.php
│               └── [2.1K] window.popstyle.php
├── [1.0K] Dockerfile
└── [ 270] README.md

10 directories, 33 files