module
Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE
| Disclosed |
|---|
| Nov 4, 2018 |
Disclosed
Nov 4, 2018
Description
This module exploits an authenticated file upload vulnerability in
Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by
the .htaccess file not preventing the execution of .pht, .phar, and
.xhtml files. Files with these extensions are not included in the
.htaccess blacklist, hence these files can be uploaded and executed
to achieve remote code execution. In this module, a .phar file with
a randomized name is uploaded and executed to receive a Meterpreter
session on the target, then deletes itself afterwards.
Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by
the .htaccess file not preventing the execution of .pht, .phar, and
.xhtml files. Files with these extensions are not included in the
.htaccess blacklist, hence these files can be uploaded and executed
to achieve remote code execution. In this module, a .phar file with
a randomized name is uploaded and executed to receive a Meterpreter
session on the target, then deletes itself afterwards.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.