Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload

2019.03.28
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

############################################################################################ # Exploit Title : Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 28/03/2019 # Vendor Homepage : ivm-childsafe.de # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : High # Google Dorks : [PDF] inurl:/modules/fck/usr/ # Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos ############################################################################################ # Impact : *********** Institut VerpackungsMarktForschung GMBH FCKeditor Modules is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. ############################################################################################ # Arbitrary File Upload / Insert File Exploit : *************************************** /modules/fck/editor/filemanager/connectors/uploadtest.html # Directory File Path : ********************* /modules/fck/usr/[YOURFILENAME].txt .jpg .gif .png ############################################################################################ # Example Vulnerable Sites : ************************* [+] Vulnerable IP Address => 46.4.112.25 => There are 140 domains hosted on this server. [+] heizungsfilter.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] ivm-childsafe.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] ivm-childsafe.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] child-safe.info/modules/fck/editor/filemanager/connectors/uploadtest.html [+] child-safe.org/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childproofpackaging.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] antonischki.net/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindersicherheit.biz/modules/fck/editor/filemanager/connectors/uploadtest.html [+] child-resistant-packages.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] child-resistant-packaging.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] child-resistant.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] child-resistant.net/modules/fck/editor/filemanager/connectors/uploadtest.html [+] child-resistant.org/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childproof.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childresistant.net/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childresistant.org/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childresistantpackages.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childresistantpackaging.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childresistantpackaging.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childresistantpackaging.net/modules/fck/editor/filemanager/connectors/uploadtest.html [+] childresistantpackaging.org/modules/fck/editor/filemanager/connectors/uploadtest.html [+] ivm-childsave.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] ivm-childsave.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] ivm-lab.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] ivm-lab.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindergesichert.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindergesicherte-verpackungen.com/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindergesicherte-verpackungen.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindergesicherte-verpackungen.org/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindergesicherte.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindersicher.org/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindersichere-verpackungen.de/modules/fck/editor/filemanager/connectors/uploadtest.html [+] kindersichere.de/modules/fck/editor/filemanager/connectors/uploadtest.html ############################################################################################ # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ############################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top