Centraleyezer Shell Upload

2019.11.16

Credit: Omayr Zanata

Risk: High

Local: No

Remote: Yes

CVE: CVE-2019-12271

CWE: CWE-264

Ogólna skala CVSS: 7.5/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]

Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding “.jpg” to any uploaded filename is not enforced on the server side.

The image upload is vulnerable to bypass, the file upload adds .jpg extension to every file sent, but on client side, so I could intercept the request and change it to .php. I uploaded a simple shell and was able to execute commands as user www-data on the server.

more information:

https://link.medium.com/Y2S4ZJbMy1

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Centraleyezer Shell Upload

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.