漏洞平台

POC详情： 6e2f6230e6dbf2f9cf1244bc57e2af25090ea6f3

来源

https://github.com/Pranjal6955/CVE-2014-8739-Test-Environment

关联漏洞

标题： Adobe Creative Cloud Desktop Application 代码问题漏洞 (CVE-2014-8739)
描述：Adobe Creative Cloud Desktop Application是美国奥多比（Adobe）公司的一套用于在Creative云会员管理中心管理应用程序和服务的应用程序。该程序支持同步和共享文件、管理字体以及访问商业摄影和设计的资产库。 Adobe Creative Cloud Desktop Application之前版本（WordPress）和2.0.1之前版本（Joomla!）中的jQuery File Upload Plugin 6.4.4版本存在代码问题漏洞。远程攻击者可借助特制PH

介绍

# CVE-2014-8739 - jQuery File Upload Vulnerability Test Environment

This repository contains testing tools for CVE-2014-8739, which affects jQuery File Upload Plugin 6.4.4 and allows unrestricted file uploads leading to remote code execution.

## Vulnerability Details

- **CVE ID**: CVE-2014-8739
- **Severity**: Critical (CVSS 9.8)
- **Description**: jQuery File Upload Plugin 6.4.4 contains an unrestricted file upload vulnerability caused by lack of validation in `server/php/UploadHandler.php`
- **Impact**: Remote code execution by uploading malicious PHP files
- **CWE**: CWE-434 (Unrestricted Upload of File with Dangerous Type)

## Quick Start - Using Docker Compose

The easiest way to test this vulnerability is using the provided Docker setup:

```bash
# Build and start the vulnerable environment
docker-compose up -d

# Wait 10 seconds for startup
sleep 10

# Test with Nuclei
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml
```

## Alternative Quick Start - Using Existing Vulnerable Docker Image

You can also use the existing `vulhub` Docker image:

```bash
# Quick start with existing image
docker run -d -p 8080:80 vulhub/jquery-file-upload:6.4.4

# Wait 10 seconds for startup
sleep 10

# Test with Nuclei
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml
```

## Testing the Vulnerability

### Using Nuclei
```bash
# Test against the local vulnerable setup
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml

# Test with verbose output
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml -v

# Test with debug output
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml -debug
```

### Manual Testing
1. Access http://localhost:8080
2. Use the file upload form to upload a PHP file
3. The vulnerable application will accept PHP files without proper validation
4. Uploaded PHP files will be stored in `server/php/files/` directory
5. Access the uploaded PHP file directly to execute arbitrary code

### Example PHP Payload
Create a file named `test.php` with the following content:
```php
<?php
echo "Vulnerable to CVE-2014-8739!";
phpinfo();
?>
```

## Vulnerability Analysis

The vulnerable `UploadHandler.php` file lacks proper file type validation:

1. **Missing File Extension Validation**: No check for dangerous file extensions like `.php`
2. **No MIME Type Validation**: Relies only on filename validation
3. **Unrestricted Upload Directory**: Files are uploaded to a web-accessible directory
4. **Direct File Access**: Uploaded PHP files can be accessed and executed directly

## Security Recommendations

1. **Upgrade**: Use the latest version of jQuery File Upload plugin
2. **File Type Validation**: Implement server-side file type validation
3. **Extension Whitelist**: Only allow safe file extensions
4. **Secure Upload Directory**: Store uploads outside web root or use proper access controls
5. **File Permissions**: Restrict file permissions and use proper ownership

## Docker Setup Details

### Using Docker Compose (Recommended)
```bash
# Build and start the vulnerable environment
docker-compose up -d

# The application will be available at http://localhost:8080
# Uploaded files are stored in the ./uploads directory
```

### Using vulhub/jQuery-File-Upload:6.4.4
```bash
# This is the official vulnerable image for this CVE
docker run -d -p 8080:80 vulhub/jquery-file-upload:6.4.4

# Test immediately
nuclei -u http://localhost:8080 -t http/cves/2014/CVE-2014-8739.yaml
```

## Disclaimer

⚠️ **WARNING**: This setup is intentionally vulnerable and should ONLY be used for:
- Security research and testing
- Educational purposes
- Template validation
- Penetration testing practice

**NEVER deploy this in a production environment or expose it to the internet.**

## Contributing

If you find issues with the testing setup or have improvements for the Nuclei template, please submit a pull request or contact templates@projectdiscovery.io.

## References

- [CVE-2014-8739](https://nvd.nist.gov/vuln/detail/CVE-2014-8739)
- [Exploit-DB Entry](https://www.exploit-db.com/exploits/35057/)
- [jQuery File Upload Plugin](https://github.com/blueimp/jQuery-File-Upload)
- [Vulhub jQuery File Upload](https://github.com/vulhub/vulhub/tree/master/jquery-file-upload)

文件快照


 [4.0K]  /data/pocs/6e2f6230e6dbf2f9cf1244bc57e2af25090ea6f3
├── [ 235]  docker-compose.yml
├── [3.9K]  Dockerfile
├── [4.2K]  README.md
├── [ 219]  test.php
└── [4.0K]  test-vulnerability.py

0 directories, 5 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。