Frog CMS 0.9.5 – Arbitrary File Upload

Exploit Database
59 阅读

作者： Javid Hussain

日期： 2014-07-06
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33983/

Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5
Date : 2014-07-07
Exploit Author : Javid Hussain
Vendor Homepage : http://www.madebyfrog.com

# Exploit-DB Note: All authenticated users can upload files. If the file 
# does not have execute permissions the CMS allows users to change them.
# No need to be authenticated to trigger uploaded files.

There is a possibility to upload arbitrary file in Frog CMS latest version
0.9.5

POC:

The vulnerability exist because of the filemanager plugin is not properly
verifying the extension of uploaded files.

Go to http://localhost/frog_095/admin/?/plugin/file_manager/images

Upload an executable php file

Go to http://localhost/Frog/frog_095/public/images/

for verification.

last Exploits
Frog CMS 0.9.5 – Arbitrary File Upload的更多信息

VTENEXT 19 CE – Remote Code Execution：
Hornbill Supportworks ITSM 1.0.0 – SQL Injection：
Dolibarr ERP/CRM 3.1.0 – ‘/admin/boxes.php?rowid’ SQL Injection：
WordPress Plugin InfiniteWP Client 1.9.4.5 – Authentication Bypass：
GLPI 9.5.7 – Username Enumeration：
Chamilo LMS 1.11.8 – Cross-Site Scripting：
MyBB Recent Threads Plugin 1.0 – Cross-Site Scripting：
WiFiles HD 1.3 iOS – Local File Inclusion：