LifeRay (Fckeditor) Arbitrary File Upload Vulnerability

2018.05.07
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Title: LifeRay (Fckeditor) Arbitrary File Upload Vulnerability [+] Date: 2018/05/05 [+] Author: Mostafa Gharzi [+] Team: Maher - CertCC.ir [+] Vendor Homepage: www.liferay.com [+] Tested on: Windows 10 & Kali Linux [+] Versions: 6.2.X and Before [+] Vulnerable Parameter: Get Method [+] Vulnerable File: /browser/liferay/browser.html?Type= [+} Dork : inurl:/web/guest/ inurl:/html/js/editor/fckeditor/ ### Notes: LifeRay 6.2.X and Before allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored. ### POC: [+] http://site/html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html ### Credit: [+] CertCC.ir


Vote for this issue:
57%
43%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top