Arasism (IR) CMS Shell Upload Vulnerability

2012-08-11T00:00:00
ID 1337DAY-ID-19166
Type zdt
Reporter Nafsh
Modified 2012-08-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Arasism (IR) CMS - File Upload Vulnerability

Details:
========
A File Upload vulnerability is detected in the famous iranisch Arasism.com Content Management (Panel) System.
The vulnerability allows an attacker (remote) with low privileged user account to bypass the picture upload 
validation when processing by including own .asp/.php files. Successful exploitation of the vulnerability 
result in malicious file uploads (malware or webshells) to compromise the application dbms & application system.

Vulnerable Path:
      [+] ../sysop/


Vulnerable File(s):
      [+] RTE_popup_file_atch.asp


Proof of Concept:
=================
The remote file upload vulnerability can be exploited by remote attacker without user inter action.
For demonstration or reproduce ...


Dork(s):
Powered by Arasism.com
Designed & Powered By Hadi Farzad
Powered By : www.Arasism.Com"
ØÑÇÍí æ ÇÌÑÇ : åÇÏí ÝÑÒÇÏ | íԐÇãÇä æÈ ÝÑÏÇ


PoC:
Path:  ../sysop/
File:  RTE_popup_file_atch.asp
NOTE:   To upload an asp web shell inject a filename with for example ...  shell.asp;1.jpg


Risk:
=====
The security risk of the remote file upload vulnerability is estimated as high.



#  0day.today [2018-01-04]  #