
GetSimpleCMS 3.2.1 Arbitrary File Upload

Source: Internet  Author: Anonymous  Date: 2016-05-07 10:08

Title: GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability

# Download: http://code.google.com/p/get-simple-cms/

# Affected version: 3.2.1

# Tested on: ubuntu 13.4

# Author: Ahmed Elhady Mohamed

Overview:

    - GetSimpleCMS Version 3.2.1 suffers from an arbitrary file upload vulnerability which allows an attacker to upload an HTML page.

    - The main cause of this vulnerability is that the application uses a blacklist technique to compare the file against MIME types and extensions.

    - If the MIME type or the extension is in the blacklist array, the application won't upload it.

Exploitation test:

    - To exploit this vulnerability, we create a file with multiple extensions, for example "exploit.html.fr".

    - The application will check the MIME type and extension of the file, which is "fr", against the blacklist array of MIME types and extensions.

    - And of course the "fr" extension won't be in the blacklist array, so the application will upload it successfully.

    - The uploaded file will be under the "data/uploads/" folder. 

      

Solution:

    - The application should use a whitelisting technique, which compares the file extensions and MIME types against acceptable MIME types and extensions. For more information, google for "whitelisting vs blacklisting".
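
The blacklist check described above next to an allow-list check, as an added example in PHP (the CMS's language); this is not GetSimpleCMS code and not part of the original advisory. The function names, both lists and the sample uploads are constructed for illustration, and rejecting any name with more than one extension is a design choice of this example.

```php
<?php
// Added example: not GetSimpleCMS code. Lists and function names are hypothetical.
const DENY_EXT  = ['php', 'phtml', 'html', 'htm', 'js'];  // constructed deny list
const ALLOW_EXT = [                                        // constructed allow list
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

// Weak check as the advisory describes it: only the final extension is looked up.
function blacklist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, DENY_EXT, true);
}

// Allow-list check: exactly one extension, it must be listed, and the MIME type
// sniffed from the content must match the type expected for that extension.
function whitelist_accepts(string $name, string $content): ?string
{
    $parts = explode('.', basename($name));
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;   // no extension, several extensions, or a dotfile
    }
    $ext = strtolower($parts[1]);
    if (!array_key_exists($ext, ALLOW_EXT)) {
        return null;   // anything not explicitly allowed is refused
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($content);
    if ($mime !== ALLOW_EXT[$ext]) {
        return null;   // content does not match the claimed type
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;   // server-chosen stored name
}

// Constructed sample uploads: [client file name, content].
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NNC5', 1, 1, 8, 6, 0, 0, 0);
$samples = [
    ['exploit.html.fr', '<html><body>constructed</body></html>'],
    ['photo.png', $png],
    ['photo.png', '<html><body>constructed</body></html>'],
];
foreach ($samples as [$name, $content]) {
    printf("%-16s blacklist=%s whitelist=%s\n", $name,
        blacklist_accepts($name) ? 'accept' : 'reject',
        whitelist_accepts($name, $content) !== null ? 'accept' : 'reject');
}
```

The allow-list function returns a server-generated name, so the client-supplied name never reaches the "data/uploads/" folder; it needs PHP 7.1 or later with the fileinfo extension.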
