atrocore 1.5.25 User interaction – Unauthenticated File upload – RCE

• Exploit Database
• 17 阅读

• 作者： nu11secur1ty
  日期： 2023-04-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51271/

• ## Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
  ## Author: nu11secur1ty
  ## Date: 02.16.2023
  ## Vendor: https://atropim.com/
  ## Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25
  ## Reference: https://portswigger.net/web-security/file-upload
  
  ## Description:
  The `Create Import Feed` option with `glyphicon-glyphicon-paperclip`
  function appears to be vulnerable to User interaction -
  Unauthenticated File upload - RCE attacks.
  The attacker can easily upload a malicious then can execute the file
  and can get VERY sensitive information about the configuration of this
  system, after this he can perform a very nasty attack.
  
  
  STATUS: HIGH Vulnerability CRITICAL
  
  [+]Payload:
  
  ```PHP
  <?php
  	phpinfo();
  ?>
  ```
  
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/atrocore/atrocore-1.5.25)
  
  ## Reference:
  [href](https://portswigger.net/web-security/file-upload)
  
  ## Proof and Exploit:
  [href](https://streamable.com/g8998d)
  
  ## Time spend:
  00:45:00
  
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at https://packetstormsecurity.com/
  https://cve.mitre.org/index.html
  https://cxsecurity.com/ and https://www.exploit-db.com/
  0day Exploit DataBase https://0day.today/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>