Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

BlueImp jQuery-File-Upload - Arbitrary File Upload

By kannthu

Vidoc logoVidoc Module

What is the "BlueImp jQuery-File-Upload - Arbitrary File Upload?" module?

The "BlueImp jQuery-File-Upload - Arbitrary File Upload" module is designed to detect a vulnerability in the BlueImp jQuery-File-Upload software. This vulnerability allows for arbitrary file uploads, which can lead to remote code execution. The severity of this vulnerability is classified as critical. The original author of this module is dhiyaneshDk.


If exploited, the vulnerability in the BlueImp jQuery-File-Upload software can allow an attacker to upload arbitrary files to the server without proper validation or exclusion of file types. This can potentially lead to remote code execution, compromising the security and integrity of the system.

How does the module work?

The module works by sending HTTP requests to the targeted BlueImp jQuery-File-Upload server. It then applies matching conditions to determine if the vulnerability is present. One example of a matching condition is checking the response body for the presence of the JSON string "{\"files\":". Additionally, it checks the response header to ensure it does not contain the word "text/plain".

By analyzing the responses and matching conditions, the module can accurately identify if the BlueImp jQuery-File-Upload software is vulnerable to arbitrary file uploads.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: ^{\"files\":and
word: text/plain
Passive global matcher
No matching conditions.
On match action
Report vulnerability