Feindura File Manager 1.0(rc) - Remote File Upload

vendor:

Feindura Flat File Content Management System

by:

KnocKout

8,8

CVSS

HIGH

File Upload

434

CWE

Product Name: Feindura Flat File Content Management System

Affected Version From: 1.0(rc)

Affected Version To: 1.0(rc)

Patch Exists: N/A

Related CWE: N/A

CPE: a:feindura:feindura:1.0rc

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Feindura File Manager 1.0(rc) – Remote File Upload

Shell Upload . you use 'GIF81a;' to upload a remote file to http://TARGET/path/library/thirdparty/filemanager/

Mitigation:

Ensure that the file upload feature is properly secured and only allows the upload of files with the correct MIME type.

Source

Exploit-DB raw data:

===================================================
Feindura File Manager 1.0(rc) - Remote File Upload
===================================================

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Feindura - Flat File Content Management System 1.0 rc
~Software: http://feindura.org/
-Demo : http://demo.feindura.org/
~Vulnerability Style : File Upload
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
    ~~~~~~~~ Explotation ~~~~~~~~~~~
 
    Shell Upload . you use "GIF81a;"
    ================================
    http://TARGET/path/library/thirdparty/filemanager/
    ================================
          [+]  Remote File uploaded.
 
           
       
      GoodLucK ;)


# Inj3ct0r.com [2010-09-28]