Sitefinity CMS (ASP.NET) Shell Upload Vulnerability

vendor:

CMS (ASP.NET)

by:

Net.Edit0r

9,3

CVSS

HIGH

Shell Upload Vulnerability

434

CWE

Product Name: CMS (ASP.NET)

Affected Version From: 3.x

Affected Version To: 4.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

Sitefinity CMS (ASP.NET) Shell Upload Vulnerability

Sitefinity CMS (ASP.NET) is vulnerable to a shell upload vulnerability. An attacker can upload a malicious ASP file with a double extension such as .asp;.jpg to the /UserControls/Dialogs/ImageEditorDialog.aspx page and then upload it to the /Images/ directory. This will allow the attacker to execute arbitrary code on the server.

Mitigation:

Ensure that the web application is configured to only allow the upload of files with the expected file extensions. Additionally, ensure that the web application is configured to only allow the upload of files with the expected MIME types.

Source

Exploit-DB raw data:

=============================================================
Sitefinity CMS (ASP.NET) Shell Upload Vulnerability
=============================================================

###################################################
#
# Exploit Title: Sitefinity CMS (ASP.NET) Shell Upload Vulnerability
# DDate: 16/11/2010
# Author: Net.Edit0r
# Software Link: www.sitefinity.com
# Version: 3.x . 4.0
# Tested on: windows SP2 Francais V.(Pnx2 2.0)
# dork : "Sitefinity: Login"
# Contact: Net.Edit0r@att.net ~ Black.hat.tm@gmail.com
#
####################################################

    exploit # /UserControls/Dialogs/ImageEditorDialog.aspx

first go to # http://site.com/sitefinity/

       then # http://site.com/sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

     select # asp renamed via the .asp;.jpg (shell.asp;.jpg)

  Upload to # http://site.com/Images/[shell]


    Video : http://net-edit0r.persiangig.com/Film/0day.rar

#######################################################

Home : datacoders.org ~ ajaxtm.com #Iranian HackerZ

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d ,Raiden , m4hd1 ,P0W3RFU7

       BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ keracker