Jquery File Upload Vulnerability
In this post we going to learn how to exploit jquery vulnerability which will allow you to upload webshell to respective webserver using CSRF.
Step-1 (Identification of target)
We have two way to identifiy target first with google dork and other is manual analysis of target webpage source code.
I. (Google Dork)
Dork : /assets/global/plugins/jquery-file-upload/
Simply search on google for this Dork.
II.(Source Code analysis)
Open page source of target website with CTRL + U and search for “/plugins /” . You will get path of jquery-file-upload plugin.
Now try to build target URL like
as you will open the above link you will get the following text in page
Now you need to create CSRF page just open notepad and copy paste following code with target url.
<form method=”POST” action=”http://localhost/assets/global/plugins/jquery-file-upload/server/php/” enctype=”multipart/form-data”>
<input type=”file” name=”files” /><button>Upload</button></form>
and save as html file.
Open file with chrome.
Select webshell to upload.
All done. 🙂