Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5
Date : 2014-07-07
Exploit Author : Javid Hussain
Vendor Homepage : http://www.madebyfrog.com

# Exploit-DB Note: All authenticated users can upload files. If the file
# does not have execute permissions the CMS allows users to change them.
# No need to be authenticated to trigger uploaded files.

It is possible to upload arbitrary files in the latest version of Frog CMS,
0.9.5.

POC:

The vulnerability exists because the filemanager plugin does not properly
verify the extension of uploaded files.

Go to http://localhost/frog_095/admin/?/plugin/file_manager/images

Upload an executable PHP file

Go to http://localhost/Frog/frog_095/public/images/
for verification.
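
Added example (not part of the original advisory and not Frog CMS code): a server-side upload check of the kind the filemanager plugin is described as lacking. The function name store_image_upload, the constant ALLOWED_IMAGE_TYPES and the allowed type list are assumptions for illustration; it assumes PHP 7+ with the fileinfo extension.

```php
<?php
// Added example: hypothetical hardened handler, not Frog CMS code.
// Assumption: the images folder only ever needs these types.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry and store it in $destDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_image_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'] ?? '')) {
        throw new RuntimeException('no valid HTTP upload');
    }

    // Allowlist on the final extension; .php, .phtml, .phar etc. never pass.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGE_TYPES)) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }

    // Content is sniffed server-side; the client-sent $file['type'] is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGE_TYPES[$ext]) {
        throw new RuntimeException("content does not match .$ext");
    }

    // Server-chosen name, so "x.php.jpg" or path tricks in the original
    // name never reach the file system.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($target, 0644); // stored without execute bits
    return $name;
}
```

Validation alone does not cover everything the Exploit-DB note describes: the upload directory should also be configured so the web server serves its files statically and never hands them to the PHP interpreter.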