Vulners
Lucene search
Wolf CMS - Arbitrary File Upload / Execution
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Wolf CMS Arbitrary File Upload To Command Execution Exploit | 28 Aug 201500:00 | – | zdt |
| Wolf CMS 0.8.2 - Arbitrary File Upload (Metasploit) | 22 Jun 201600:00 | – | zdt |
 | CVE-2015-6567 | 3 Nov 202509:35 | – | circl |
 | Wolf CMS Metasploit Module Arbitrary File Upload Vulnerability | 23 Jun 201600:00 | – | cnvd |
| Wolf CMS Metasploit module arbitrary file upload vulnerability (CNVD-2016-04300) | 23 Jun 201600:00 | – | cnvd |
 | CVE-2015-6567 | 14 Apr 201716:00 | – | cve |
| CVE-2015-6568 | 14 Apr 201716:00 | – | cve |
 | CVE-2015-6567 | 14 Apr 201716:00 | – | cvelist |
| CVE-2015-6568 | 14 Apr 201716:00 | – | cvelist |
 | Wolf CMS 0.8.2 - Arbitrary File Upload (Metasploit) | 22 Jun 201600:00 | – | exploitpack |
10
# Exploit Title : Wolf CMS 0.8.2 Arbitrary File Upload To Command
Execution
# Reported Date : 05-May-2015
# Fixed Date : 10-August-2015
# Exploit Author : Narendra Bhati
# CVE ID : CVE-2015-6567 , CVE-2015-6568
# Contact:
* Facebook : https://facebook.com/narendradewsoft
*Twitter : http://twitter.com/NarendraBhatiB
# Website : http://websecgeeks.com
# Additional Links -
* https://github.com/wolfcms/wolfcms/releases/
* https://www.wolfcms.org/blog/2015/08/10/releasing-wolf-cms-0-8-3-1.html
#For POC -
http://websecgeeks.com/wolf-cms-arbitrary-file-upload-to-command-execution/
1. Description
Every registered users who have access of upload functionality can upload
an Arbitrary File Upload To perform Command Execution
Vulnerable URL
http://targetsite.com/wolfcms/?/admin/plugin/file_manager/browse/
Vulnerable Parameter
"filename"
2. Proof of Concept
A)Login as regular user ( who have access upload functionality )
B)Go to this page -
http://targetsite.com/wolfcms/?/admin/plugin/file_manager/browse/
C)Select upload an file option to upload Arbitary File ( filename ex:
"hello.php" )
D)Now you can access the file by here -
http://targetsite.com/wolfcms/public/hello.php
3. Solution:
Update to version 0.8.3.1
http://www.wolfcms.org/download.html
=============
--
*Narendra Bhati "CEH" **( Facebook
<http://www.facebook.com/narendradewsoft> , Twitter
<http://www.twitter.com/NarendraBhatiB> , LinkedIn
<https://www.linkedin.com/profile/view?id=115146074> , Personal Blog )*
*Security Analyst - IT Risk & Security Management Services*
Suma Soft Pvt. Ltd. | Suma Center | Near Mangeshkar Hospital | Erandawane
Pune: 411004 |
*======================================================================*Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Aug 2015 00:00Current
8.8High risk
Vulners AI Score8.8
CVSS 26.5
CVSS 38.8
EPSS0.11862