View Issue Details

IDProjectCategoryView StatusLast Update
0002430Kali LinuxNew Tool Requestspublic2020-02-25 13:28
Reportercoj337 Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionsuspended 
Summary0002430: Upsploit - file upload vulnerabiltiy identification and exploitation.
Description

There's was a new tool (released last week) that helps pentesters find/validate file upload vulnerabilities in web applications.

I'm suggesting this because it's the first of it's kind - even commercial scanners don't go beyond finding file upload forms so this is the first tool to ever help actually exploit them.

It's called Upsploit and can be found here: https://github.com/coj337/Upsploit

Steps To Reproduce

N/A

Additional Information

N/A

Activities

stormtide

stormtide

2015-07-20 09:42

reporter   ~0003537

Dependencies it needs monodevelop (apt-get install monodevelop)

Upsploit pre-compiled binary v1.1 :

12 tests possible

Select all
Select none
Run Tests

The application quits

Upsploit pre-compiled binary v1.0 :

error : System.Reflection.ReflectionTypeLoadException: The classes in the module cannot be loaded.
at (wrapper managed-to-native) System.Reflection.Assembly:GetTypes (System.Reflection.Assembly,bool)
at System.Reflection.Assembly.GetTypes () [0x00000] in <filename unknown>:0
at Upsploit.MainForm.getTests[Test] () [0x00000] in <filename unknown>:0
at Upsploit.MainForm.ManualForm_Load (System.Object sender, System.EventArgs e) [0x00000] in <filename unknown>:0
at System.Windows.Forms.Form.OnLoad (System.EventArgs e) [0x00000] in <filename unknown>:0
at System.Windows.Forms.Form.OnLoadInternal (System.EventArgs e) [0x00000] in <filename unknown>:0

coj337

coj337

2015-07-21 10:05

reporter   ~0003547

I believe this is because Kali runs an old version of mono, should another bug be opened for this to be updated?

I updated to mono 4.0.1 (instructions: http://www.mono-project.com/docs/getting-started/install/linux/#debian-ubuntu-and-derivatives) and the tool ran fine.

stormtide

stormtide

2015-07-21 18:27

reporter   ~0003551

you can open a new bug report for that.

Upsploit v1.10 and v1.0 seems running fine now. (I will make some additional tests)

g0tmi1k

g0tmi1k

2018-01-29 10:52

administrator   ~0007937

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?
g0tmi1k

g0tmi1k

2020-02-25 13:28

administrator   ~0012342

No updates since 2015.

Issue History

Date Modified Username Field Change
2015-07-17 06:26 coj337 New Issue
2015-07-20 09:42 stormtide Note Added: 0003537
2015-07-21 10:05 coj337 Note Added: 0003547
2015-07-21 18:27 stormtide Note Added: 0003551
2018-01-26 11:37 g0tmi1k Summary New tool for file upload vulnerabiltiy identification and exploitation. => Upsploit - file upload vulnerabiltiy identification and exploitation.
2018-01-29 10:52 g0tmi1k Note Added: 0007937
2018-02-21 09:35 g0tmi1k Product Version 1.1.0 =>
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-02-25 13:28 g0tmi1k Status new => closed
2020-02-25 13:28 g0tmi1k Resolution open => suspended
2020-02-25 13:28 g0tmi1k Note Added: 0012342