Frog CMS 0.9.5 - Arbitrary File Upload

EDB-ID:

33983

CVE:

2014-4912

EDB Verified:

Author:

Javid Hussain

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2014-07-06

Vulnerable App: 
Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5
Date : 2014-07-07
Exploit Author : Javid Hussain
Vendor Homepage : http://www.madebyfrog.com

# Exploit-DB Note: All authenticated users can upload files. If the file 
# does not have execute permissions the CMS allows users to change them.
# No need to be authenticated to trigger uploaded files.

There is a possibility to upload arbitrary file in Frog CMS latest version
0.9.5

POC:

The vulnerability exist because of the filemanager plugin is not properly
verifying the extension of uploaded files.

Go to     http://localhost/frog_095/admin/?/plugin/file_manager/images

Upload an executable php file

Go to     http://localhost/Frog/frog_095/public/images/

for verification.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services