Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Atrocore 1.5.25 Shell Upload[6]
- Authored by nu11secur1ty[7]
-
Atrocore version 1.5.25 suffers from a remote shell upload vulnerability.
- SHA-256 |
1e120e6e4db83718cdc98419e2f3e0b8b3116132deeeaf1795649de6a0137546
- Download[8] | Favorite[9] | View[10]
Change Mirror[11] Download[12]
## Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE
## Author: nu11secur1ty
## Date: 02.16.2023
## Vendor: https://atropim.com/
## Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25
## Reference: https://portswigger.net/web-security/file-upload
## Description:
The `Create Import Feed` option with `glyphicon-glyphicon-paperclip`
function appears to be vulnerable to User interaction -
Unauthenticated File upload - RCE attacks.
The attacker can easily upload a malicious then can execute the file
and can get VERY sensitive information about the configuration of this
system, after this he can perform a very nasty attack.
STATUS: HIGH Vulnerability CRITICAL
[+]Payload:
```PHP
<?php
phpinfo();
?>
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/atrocore/atrocore-1.5.25)
## Reference:
[href](https://portswigger.net/web-security/file-upload)
## Proof and Exploit:
[href](https://streamable.com/g8998d)
## Time spend:
00:45:00
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
File Tags
- ActiveX[17] (932)
- Advisory[18] (80,242)
- Arbitrary[19] (15,817)
- BBS[20] (2,859)
- Bypass[21] (1,646)
- CGI[22] (1,020)
- Code Execution[23] (6,997)
- Conference[24] (675)
- Cracker[25] (840)
- CSRF[26] (3,298)
- DoS[27] (22,789)
- Encryption[28] (2,357)
- Exploit[29] (50,556)
- File Inclusion[30] (4,174)
- File Upload[31] (949)
- Firewall[32] (821)
- Info Disclosure[33] (2,680)
- Intrusion Detection[34] (873)
- Java[35] (2,951)
- JavaScript[36] (828)
- Kernel[37] (6,383)
- Local[38] (14,250)
- Magazine[39] (586)
- Overflow[40] (12,490)
- Perl[41] (1,419)
- PHP[42] (5,099)
- Proof of Concept[43] (2,294)
- Protocol[44] (3,457)
- Python[45] (1,472)
- Remote[46] (30,178)
- Root[47] (3,524)
- Rootkit[48] (501)
- Ruby[49] (598)
- Scanner[50] (1,633)
- Security Tool[51] (7,812)
- Shell[52] (3,117)
- Shellcode[53] (1,206)
- Sniffer[54] (889)
- Spoof[55] (2,178)
- SQL Injection[56] (16,144)
- TCP[57] (2,383)
- Trojan[58] (687)
- UDP[59] (879)
- Virus[60] (663)
- Vulnerability[61] (31,287)
- Web[62] (9,414)
- Whitepaper[63] (3,736)
- x86[64] (946)
- XSS[65] (17,539)
- Other[66]
File Archives
- February 2023[67]
- January 2023[68]
- December 2022[69]
- November 2022[70]
- October 2022[71]
- September 2022[72]
- August 2022[73]
- July 2022[74]
- June 2022[75]
- May 2022[76]
- April 2022[77]
- March 2022[78]
- Older[79]
Systems
- AIX[80] (426)
- Apple[81] (1,948)
- BSD[82] (370)
- CentOS[83] (55)
- Cisco[84] (1,918)
- Debian[85] (6,684)
- Fedora[86] (1,690)
- FreeBSD[87] (1,242)
- Gentoo[88] (4,288)
- HPUX[89] (878)
- iOS[90] (338)
- iPhone[91] (108)
- IRIX[92] (220)
- Juniper[93] (67)
- Linux[94] (44,783)
- Mac OS X[95] (684)
- Mandriva[96] (3,105)
- NetBSD[97] (255)
- OpenBSD[98] (480)
- RedHat[99] (12,730)
- Slackware[100] (941)
- Solaris[101] (1,609)
- SUSE[102] (1,444)
- Ubuntu[103] (8,329)
- UNIX[104] (9,196)
- UnixWare[105] (185)
- Windows[106] (6,526)
- Other[107]