Pluck 4.7.18 Remote Shell Upload

2023.07.21
Credit: nu11secur1ty
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

## Title: pluck-4.7.18 - FI + RCE.
## Author: nu11secur1ty
## Date: 07.19.2023
## Vendor: https://github.com/pluck-cms/pluck/wiki
## Software: https://github.com/pluck-cms/pluck
## Reference: https://portswigger.net/daily-swig/rce
## Reference: https://portswigger.net/web-security/file-upload

## Description:
An attacker who already has an account can upload a fake module to the system and execute the content of this module on the server. In this example, the attacker executes an info file from the uploaded fake module and gets all information for this system. This is a CRITICAL Vulnerability. The problem is that the upload function does not strongly sanitize what is uploaded, and execution of uploaded content is not restricted on the server.

## Status: HIGH Vulnerability

[+]Exploit:
prostak.php

- - - NOTE: The attacker can also upload an EXE file, which he can then execute or download!

```php
<?php
// by nu11secur1ty - 2023
phpinfo();
?>
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/pluck/2023/pluck-4.7.18)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/07/pluck-4718-fi-rce.html)

## Time spent:
00:35:00
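A defensive pre-install check for the gap described above, added here as an example; it is not code from the advisory or from Pluck. It assumes the module arrives as a zip archive and that the listed extensions are the ones the web server executes; the function names are hypothetical and the sample archive is constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the web server may hand to an interpreter (assumed list; match it to the server config).
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}
# Magic bytes of native executables: Windows PE ("MZ") and ELF.
NATIVE_MAGIC = (b"MZ", b"\x7fELF")


def audit_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, finding) pairs for an uploaded zip archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                findings.append((info.filename, "path escapes the install directory"))
            # Check every suffix so double extensions such as "x.php.jpg" are caught too.
            if any(s.lower() in SCRIPT_EXTS for s in path.suffixes):
                findings.append((info.filename, "server-executable script"))
            # Identify native binaries by content, not by the name the uploader chose.
            with zf.open(info) as fh:
                head = fh.read(4)
            if head.startswith(NATIVE_MAGIC):
                findings.append((info.filename, "native executable"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a module archive like the one the advisory describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fakemodule/prostak.php", "<?php phpinfo(); ?>")
        zf.writestr("fakemodule/tool.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("fakemodule/readme.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name, finding in audit_archive(build_sample()):
        print(f"{name}: {finding}")
```

Because a CMS module normally contains server-side code, a "server-executable script" finding is a reason to hold the upload for administrator review rather than proof of malice.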


Copyright 2024, cxsecurity.com

 
