[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]

To: fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]
From: infinitybuzz via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Tue, 12 Nov 2019 16:38:37 +0000

Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]

Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a 
dangerous type, because the feature of adding “.jpg” to any uploaded filename 
is not enforced on the server side.

The image upload is vulnerable to bypass, the file upload adds .jpg extension 
to every file sent, but on client side, so I could intercept the request and 
change it to .php. I uploaded a simple shell and was able to execute commands 
as user www-data on the server.

more information:

https://link.medium.com/Y2S4ZJbMy1

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Getting the server ip from a hosted XenForo CMS
Next by Date: [FD] Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299]
Previous by thread: [FD] Getting the server ip from a hosted XenForo CMS
Next by thread: [FD] Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299]
Index(es):
- Date
- Thread