Unrestricted File Upload Reported #276
Comments
… to be uploaded. Thank you to math1as from l-team for the disclosure and fix. #276
Thanks math1as! This will be in the 4.2.17 release today.
Hello, we're investigating the issue reports in security. Since we observed that this issue may relate to security, has it been disclosed in CVE already? Thanks for your reply.
This is a 7 year old bug, if you're chasing CVE clout this is not your way to do it.
We are so sorry for not explaining it well. In fact, we’ve investigated the old security issues that have not been found in CVE, so it is a human evaluation.
#' Exploit Title: Unrestricted File Upload
#' Vulnerability Type: Accessing, Modifying or Executing Executable Files (CAPEC-17)
#' Reporting Date: 07-04-2017
#' Author: @math1as
#' Vendor Homepage: https://www.bigtreecms.org/
#' Software Link: https://github.com/bigtreecms
#' Version: v.4.2.16
I. Abstract
BigTree CMS is publicly licensed under the GNU Lesser General Public License.
It is an open source content management system built on PHP and MySQL.
II. Introduction
2.1 Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
2.2 Vulnerability analysis for BigTree CMS
$DisabledExtensionRegEx = '/\.(exe|com|bat|php|rb|py|cgi|pl|sh|asp|aspx)$/i';
In the file /core/inc/bigtree/apis/storage.php, line 11.
The regular expression shows that it could be bypassed by uploading a file named ‘xxx.php[space]’.
Then the attacker could get a webshell by using this method.
III. References
3.1. CAPEC-17 https://capec.mitre.org/data/definitions/17.html
3.2. https://www.owasp.org/index.php/Unrestricted_File_Upload
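Added example, not part of the original report and not BigTree's code or the fix shipped in 4.2.17: a PHP script that runs the reported blocklist pattern over constructed filenames and contrasts it with an allowlist check that refuses names with trailing whitespace or dots. `ALLOWED_EXTENSIONS`, `blocklist_rejects` and `allowlist_accepts` are hypothetical names chosen for this example.

```php
<?php
// Blocklist pattern from the report; `$` sits directly before the closing delimiter.
$DisabledExtensionRegEx = '/\.(exe|com|bat|php|rb|py|cgi|pl|sh|asp|aspx)$/i';

// Hypothetical allowlist for this example, not BigTree's configuration.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

// The reported check: a name is refused only if it ends in a listed extension.
function blocklist_rejects(string $name, string $regex): bool
{
    return preg_match($regex, $name) === 1;
}

// Example replacement: refuse names that would need normalising, then allowlist.
function allowlist_accepts(string $name, string $blocklist): bool
{
    // Keep only the final path component, whichever separator was sent.
    $base = basename(str_replace('\\', '/', $name));
    // No control characters (including NUL) anywhere in the name.
    if ($base === '' || preg_match('/[\x00-\x1f\x7f]/', $base) === 1) {
        return false;
    }
    // No leading/trailing whitespace or dots: "xxx.php " must not pass.
    if ($base !== trim($base, " \t.")) {
        return false;
    }
    // No blocked extension in any position, e.g. "a.php.jpg".
    foreach (array_slice(explode('.', $base), 1) as $segment) {
        if (blocklist_rejects('.' . $segment, $blocklist)) {
            return false;
        }
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

// Constructed sample names; 'xxx.php ' is the case described in the report.
$samples = ['photo.jpg', 'xxx.php', 'xxx.php ', 'xxx.PHP.', 'a.php.jpg', 'notes'];
foreach ($samples as $name) {
    printf(
        "%-12s blocklist: %-8s allowlist: %s\n",
        json_encode($name),
        blocklist_rejects($name, $DisabledExtensionRegEx) ? 'rejected' : 'ACCEPTED',
        allowlist_accepts($name, $DisabledExtensionRegEx) ? 'accepted' : 'rejected'
    );
}
```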