Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, removing any “demo” or “example” folders is usually best. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project is leaving behind a demo folder with a script allowing arbitrary file uploads without authentication [1]. Exploitation of the vulnerability is trivial. An attacker may use the file upload script to upload a web shell, and in response, the attacker will obtain remote command execution with all the privileges granted to the web server.
This article has been indexed from SANS Internet Storm Center, InfoCON: green