module
PlaySMS import.php Authenticated CSV File Upload Code Execution
| Disclosed | Created |
|---|---|
| 2017-05-21 | 2018-06-14 |
Disclosed
2017-05-21
Created
2018-06-14
Description
This module exploits an authenticated file upload remote code excution vulnerability
in PlaySMS Version 1.4. This issue is caused by improper file contents handling in
import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV
file containing a malicious payload via vectors involving the User-Agent HTTP header
and PHP code in the User-Agent.
This module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
in PlaySMS Version 1.4. This issue is caused by improper file contents handling in
import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV
file containing a malicious payload via vectors involving the User-Agent HTTP header
and PHP code in the User-Agent.
This module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
Author
Touhid M.Shaikh touhidshaikh22@gmail.com
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.