UpPwn is a script that automate detection of security flaws on websites’ file upload systems. In some cases it also allows to exploit these vulnerabilities in order to upload malicious files.
Requirements:
+ Python 2.7
+ Nodejs / Phantomjs
+ GNU/Linux system
Testing is done only with GNU/Linux Ubuntu 16.04, 14.04 LTS stable and Debian Jessie.
UpPwn
Installation:
Install PhantomJS v2.1.1: sudo apt-get install build-essential chrpath libssl-dev libxft-dev libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev Linux 64-bit wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 tar xvjf phantomjs-2.1.1-linux-x86_64.tar.bz2 mv phantomjs-2.1.1-linux-x86_64 PHANTOM_JS sudo mv PHANTOM_JS /usr/local/share sudo ln -sf /usr/local/share/PHANTOM_JS/bin/phantomjs /usr/local/bin Linux 32-bit wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-i686.tar.bz2 tar xvjf phantomjs-2.1.1-linux-i686.tar.bz2 mv phantomjs-2.1.1-linux-i686 PHANTOM_JS sudo mv PHANTOM_JS /usr/local/share sudo ln -sf /usr/local/share/PHANTOM_JS/bin/phantomjs /usr/local/bin Install Node.JS v6.x: curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - sudo apt-get install nodejs sudo npm install phantomjs-prebuilt sudo apt-get install python-pip pip install --upgrade pip git clone https://github.com/ferrery1/UpPwn.git && cd UpPwn pip2 install -r requirements.lst
Source: https://github.com/ferrery1