ImpressCMS v1.4.4 – Unrestricted File Upload

Exploit Database
109 阅读

作者： Ünsal Furkan Harani

日期： 2022-05-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50890/

# Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload
# Date: 7/4/2022
# Exploit Author: Ünsal Furkan Harani (Zemarkhos)
# Vendor Homepage: https://www.impresscms.org/
# Software Link: https://github.com/ImpressCMS/impresscms
# Version: v1.4.4

# Description:
Between lines 152 and 162, we see the function "extensionsToBeSanitized".Since the blacklist method is weak, it is familiar that the file can be uploaded in the extensions mentioned below.

.php2, .php6, .php7, .phps, .pht, .pgif, .shtml, .htaccess, .phar, .inc

Impresscms/core/File/MediaUploader.php Between lines 152 and 162:
private $extensionsToBeSanitized = array('php','phtml','phtm','php3','php4','cgi','pl','asp','php5');

last Exploits
ImpressCMS v1.4.4 – Unrestricted File Upload的更多信息

Fork CMS 5.8.0 – Persistent Cross-Site Scripting：
Hotel Booking Engine 1.0 – ‘h_room_type’ SQL Injection：
Maian Gallery 2 – Local File Download：
ABC ERP 0.6.4 – Cross-Site Request Forgery (Update Admin)：
Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities：
Chamilo LMS 1.11.14 – Remote Code Execution (Authenticated)：
Yealink VoIP Phone SIP-T38G – Local File Inclusion：
Alstrasoft ProTaxi Enterprise 3.5 – Arbitrary File Upload：