Lucene search

K
packetstormNu11secur1tyPACKETSTORM:171015
HistoryFeb 16, 2023 - 12:00 a.m.

Atrocore 1.5.25 Shell Upload

2023-02-1600:00:00
nu11secur1ty
packetstormsecurity.com
173
`## Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE  
## Author: nu11secur1ty  
## Date: 02.16.2023  
## Vendor: https://atropim.com/  
## Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25  
## Reference: https://portswigger.net/web-security/file-upload  
  
## Description:  
The `Create Import Feed` option with `glyphicon-glyphicon-paperclip`  
function appears to be vulnerable to User interaction -  
Unauthenticated File upload - RCE attacks.  
The attacker can easily upload a malicious then can execute the file  
and can get VERY sensitive information about the configuration of this  
system, after this he can perform a very nasty attack.  
  
  
STATUS: HIGH Vulnerability CRITICAL  
  
[+]Payload:  
  
```PHP  
<?php  
phpinfo();  
?>  
```  
  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/atrocore/atrocore-1.5.25)  
  
## Reference:  
[href](https://portswigger.net/web-security/file-upload)  
  
## Proof and Exploit:  
[href](https://streamable.com/g8998d)  
  
## Time spend:  
00:45:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
`