Atrocore 1.5.25 Shell Upload ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[11] Download^[12]

        ## Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE
## Author: nu11secur1ty
## Date: 02.16.2023
## Vendor: https://atropim.com/
## Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25
## Reference: https://portswigger.net/web-security/file-upload
## Description:
The `Create Import Feed` option with `glyphicon-glyphicon-paperclip`
function appears to be vulnerable to User interaction -
Unauthenticated File upload - RCE attacks.
The attacker can easily upload a malicious then can execute the file
and can get VERY sensitive information about the configuration of this
system, after this he can perform a very nasty attack.
STATUS: HIGH Vulnerability CRITICAL
[+]Payload:
```PHP
<?php
phpinfo();
?>
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/atrocore/atrocore-1.5.25)
## Reference:
[href](https://portswigger.net/web-security/file-upload)
## Proof and Exploit:
[href](https://streamable.com/g8998d)
## Time spend:
00:45:00
-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>

• Follow us on Twitter^[15]
• Subscribe to an RSS Feed^[16]

File Tags

• ActiveX^[17] (932)
• Advisory^[18] (80,242)
• Arbitrary^[19] (15,817)
• BBS^[20] (2,859)
• Bypass^[21] (1,646)
• CGI^[22] (1,020)
• Code Execution^[23] (6,997)
• Conference^[24] (675)
• Cracker^[25] (840)
• CSRF^[26] (3,298)
• DoS^[27] (22,789)
• Encryption^[28] (2,357)
• Exploit^[29] (50,556)
• File Inclusion^[30] (4,174)
• File Upload^[31] (949)
• Firewall^[32] (821)
• Info Disclosure^[33] (2,680)
• Intrusion Detection^[34] (873)
• Java^[35] (2,951)
• JavaScript^[36] (828)
• Kernel^[37] (6,383)
• Local^[38] (14,250)
• Magazine^[39] (586)
• Overflow^[40] (12,490)
• Perl^[41] (1,419)
• PHP^[42] (5,099)
• Proof of Concept^[43] (2,294)
• Protocol^[44] (3,457)
• Python^[45] (1,472)
• Remote^[46] (30,178)
• Root^[47] (3,524)
• Rootkit^[48] (501)
• Ruby^[49] (598)
• Scanner^[50] (1,633)
• Security Tool^[51] (7,812)
• Shell^[52] (3,117)
• Shellcode^[53] (1,206)
• Sniffer^[54] (889)
• Spoof^[55] (2,178)
• SQL Injection^[56] (16,144)
• TCP^[57] (2,383)
• Trojan^[58] (687)
• UDP^[59] (879)
• Virus^[60] (663)
• Vulnerability^[61] (31,287)
• Web^[62] (9,414)
• Whitepaper^[63] (3,736)
• x86^[64] (946)
• XSS^[65] (17,539)
• Other^[66]

File Archives

• February 2023^[67]
• January 2023^[68]
• December 2022^[69]
• November 2022^[70]
• October 2022^[71]
• September 2022^[72]
• August 2022^[73]
• July 2022^[74]
• June 2022^[75]
• May 2022^[76]
• April 2022^[77]
• March 2022^[78]
• Older^[79]

Systems

• AIX^[80] (426)
• Apple^[81] (1,948)
• BSD^[82] (370)
• CentOS^[83] (55)
• Cisco^[84] (1,918)
• Debian^[85] (6,684)
• Fedora^[86] (1,690)
• FreeBSD^[87] (1,242)
• Gentoo^[88] (4,288)
• HPUX^[89] (878)
• iOS^[90] (338)
• iPhone^[91] (108)
• IRIX^[92] (220)
• Juniper^[93] (67)
• Linux^[94] (44,783)
• Mac OS X^[95] (684)
• Mandriva^[96] (3,105)
• NetBSD^[97] (255)
• OpenBSD^[98] (480)
• RedHat^[99] (12,730)
• Slackware^[100] (941)
• Solaris^[101] (1,609)
• SUSE^[102] (1,444)
• Ubuntu^[103] (8,329)
• UNIX^[104] (9,196)
• UnixWare^[105] (185)
• Windows^[106] (6,526)
• Other^[107]

© 2022 Packet Storm. All rights reserved.