View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002430||Kali Linux||[All Projects] New Tool Requests||public||2015-07-17 06:26||2020-02-11 12:08|
|Target Version||Fixed in Version|
|Summary||0002430: Upsploit - file upload vulnerability identification and exploitation.|
|Description||There's a new tool (released last week) that helps pentesters find/validate file upload vulnerabilities in web applications.|
I'm suggesting this because it's the first of its kind - even commercial scanners don't go beyond finding file upload forms, so this is the first tool to ever help actually exploit them.
It's called Upsploit and can be found here: https://github.com/coj337/Upsploit
|Steps To Reproduce||N/A|
Dependencies: it needs monodevelop (apt-get install monodevelop)
Upsploit pre-compiled binary v1.1:
12 tests possible
The application quits
Upsploit pre-compiled binary v1.0:
error : System.Reflection.ReflectionTypeLoadException: The classes in the module cannot be loaded.
at (wrapper managed-to-native) System.Reflection.Assembly:GetTypes (System.Reflection.Assembly,bool)
at System.Reflection.Assembly.GetTypes () [0x00000] in <filename unknown>:0
at Upsploit.MainForm.getTests[Test] () [0x00000] in <filename unknown>:0
at Upsploit.MainForm.ManualForm_Load (System.Object sender, System.EventArgs e) [0x00000] in <filename unknown>:0
at System.Windows.Forms.Form.OnLoad (System.EventArgs e) [0x00000] in <filename unknown>:0
at System.Windows.Forms.Form.OnLoadInternal (System.EventArgs e) [0x00000] in <filename unknown>:0
I believe this is because Kali runs an old version of mono. Should another bug be opened for this to be updated?
I updated to mono 4.0.1 (instructions: http://www.mono-project.com/docs/getting-started/install/linux/#debian-ubuntu-and-derivatives) and the tool ran fine.
You can open a new bug report for that.
Upsploit v1.10 and v1.0 seem to be running fine now. (I will make some additional tests.)
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?
|2015-07-17 06:26||coj337||New Issue|
|2015-07-20 09:42||stormtide||Note Added: 0003537|
|2015-07-21 10:05||coj337||Note Added: 0003547|
|2015-07-21 18:27||stormtide||Note Added: 0003551|
|2018-01-26 11:37||g0tmi1k||Summary||New tool for file upload vulnerability identification and exploitation. => Upsploit - file upload vulnerability identification and exploitation.|
|2018-01-29 10:52||g0tmi1k||Note Added: 0007937|
|2018-02-21 09:35||g0tmi1k||Product Version||1.1.0 =>|
|2019-12-09 13:30||g0tmi1k||Severity||minor => feature|