CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
98.6%
FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy is in our paper, “FUSE: Finding File Upload Bugs via Penetration Testing”, which appeared in NDSS 2020. To see how to configure and execute FUSE, see the followings.
Setup
Install
FUSE currently works on Ubuntu 18.04 and Python 2.7.15.
# apt-get install rabbitmq-server
# apt-get install python-pip
# apt-get install git
$ git clone https://github.com/WSP-LAB/FUSE
$ cd FUSE && pip install -r requirements.txt
Usage
Configuration
FUSE uses a user-provided configuration file that specifies parameters for a target PHP application. The script must be filled out before testing a target Web application. You can check out README file and example configuration files.
Configuration for File Monitor (Optional)
$ vim filemonitor.py
…
10 MONITOR_PATH=‘/var/www/html/’ <- Web root of the target application
11 MONITOR_PORT=20174 <- Default port of File Monitor
12 EVENT_LIST_LIMITATION=8000 <- Maxium number of elements in EVENT_LIST
…
Execution
FUSE
$ python framework.py [Path of configuration file]
File Monitor
$ python filemonitor.py
Result
CVEs
If you find UFU and UEFU bugs and get CVEs by running FUSE, please send a PR for README.md
Application | CVEs |
---|---|
Elgg | CVE-2018-19172 |
ECCube3 | CVE-2018-18637 |
CMSMadeSimple | CVE-2018-19419, CVE-2018-18574 |
CMSimple | CVE-2018-19062 |
Concrete5 | CVE-2018-19146 |
GetSimpleCMS | CVE-2018-19420, CVE-2018-19421 |
Subrion | CVE-2018-19422 |
OsCommerce2 | CVE-2018-18572, CVE-2018-18964, CVE-2018-18965, CVE-2018-18966 |
Monstra | CVE-2018-6383, CVE-2018-18694 |
XE | XEVE-2019-001 |
Author
This research project has been conducted by WSP Lab at KAIST.
Citing FUSE
To cite our paper:
Distributed System Security Symposium}, year = 2020 } ">
@INPROCEEDINGS{lee:ndss:2020,
author = {Taekjin Lee and Seongil Wi and Suyoung Lee and Sooel Son},
title = {{FUSE}: Finding File Upload Bugs via Penetration Testing},
booktitle = {Proceedings of the Network and Distributed System Security Symposium},
year = 2020
}
Download FUSE
github.com/WSP-LAB/FUSE
github.com/WSP-LAB/FUSE/blob/master/configs
github.com/WSP-LAB/FUSE/blob/master/configs/default-credential.conf
github.com/WSP-LAB/FUSE/blob/master/configs/README.md
github.com/WSP-LAB/FUSE/blob/master/README.md
seongil-wi.github.io/
wsp-lab.github.io
wsp-lab.github.io/papers/lee-fuse-ndss20.pdf
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
98.6%