Centraleyezer 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1824376 漏洞类型 代码问题
发布时间 2019-11-16 更新时间 2019-12-02
CVE编号 CVE-2019-12271 CNNVD-ID CNNVD-201911-1042
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019110100
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201911-1042
|漏洞详情
Centraleyezer是一套漏洞跟踪和管理平台。该平台主要用于漏洞报告、确定优先级、升级和跟踪漏洞等。 Centraleyezer中存在安全漏洞。攻击者可利用该漏洞上传危险类型的文件,以www-data用户身份执行命令。
|漏洞EXP
Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]

Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding “.jpg” to any uploaded filename is not enforced on the server side.

The image upload is vulnerable to bypass, the file upload adds .jpg extension to every file sent, but on client side, so I could intercept the request and change it to .php. I uploaded a simple shell and was able to execute commands as user www-data on the server.

more information:

https://link.medium.com/Y2S4ZJbMy1


|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/155355/Centraleyezer-Shell-Upload.html