Summary
An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware.
Details
On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary file upload.
PoC
- Log in to the portal then navigate to
Mediapool.
- Upload a png file (ex: poc.png)
- Intercept the upload HTTP request on burp suite and change
filename: poc.1html, Content-Type:image/html and insert the malicious html code. (ex: <IFRAME SRC="javascript:alert(1);"></IFRAME>)
-
Forward the request.
-
Navigate to the file.
Impact
Exploiting an arbitrary file upload vulnerability enables attackers to execute malicious code on a server.
Summary
An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware.
Details
On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary file upload.
PoC
Mediapool.filename: poc.1html,Content-Type:image/htmland insert the malicious html code. (ex:<IFRAME SRC="javascript:alert(1);"></IFRAME>)Forward the request.
Navigate to the file.
Impact
Exploiting an arbitrary file upload vulnerability enables attackers to execute malicious code on a server.