This repository has been archived by the owner on Jul 22, 2020. It is now read-only.

ClipperCMS 1.3.3 allows to upload htaccess file in default setting. #495

Open
Hexife opened this issue Nov 14, 2018 · 1 comment

Hexife commented Nov 14, 2018

Brief of this vulnerability
ClipperCMS allows uploading .htaccess. It is able to execute any type of extension as PHP scripts.

Test Environment

  • Apache/2.4.18 (Debian)
  • PHP 5.6.38-2+ubuntu16.04.1+deb.sury.org+1 (cli)

Affected version
1.3.3

Reason of This Vulnerability
.htaccess is allowed for upload in your default whitelist.

It should be removed from the default whitelist.

It can change the access configuration of the current directory and its subdirectories.
This file can even cause any extension to be executed as a PHP script.

This vulnerability needs admin credentials, but it can be used to get a system shell by an adversary who gets admin authority using another attack (e.g. XSS).
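
An added example, not part of the original report and not ClipperCMS code: why an extension whitelist that contains `htaccess` accepts the file, beside a stricter filename check. The function names and both whitelists are hypothetical and constructed for illustration.

```php
<?php
// Constructed lists: the "weak" one mirrors the issue (htaccess is whitelisted).
$weakList   = array('jpg', 'png', 'gif', 'pdf', 'txt', 'htaccess');
$strictList = array('jpg', 'png', 'gif', 'pdf', 'txt');

// Extension-only check. pathinfo('.htaccess') reports extension "htaccess"
// and an empty filename, so the dotfile is treated like any other upload.
function naive_allows($clientName, array $allowed)
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Hardened check: returns null when the name is acceptable, else a reason.
function upload_rejection($clientName, array $allowed)
{
    if (strpos($clientName, "\0") !== false) {
        return 'NUL byte in name';
    }
    // Keep only the final path component, whichever separator the client sent.
    $name = basename(str_replace('\\', '/', $clientName));
    if ($name === '') {
        return 'empty name';
    }
    // Dotfiles (.htaccess, .htpasswd, .user.ini, "..") have no base name:
    // reject them regardless of what the extension list says.
    if ($name[0] === '.') {
        return 'dotfile';
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $allowed, true)) {
        return 'extension not allowed';
    }
    return null;
}

// Constructed sample names.
$samples = array('photo.JPG', '.htaccess', 'sub\\.HTACCESS', 'report.php', 'notes.txt');
foreach ($samples as $n) {
    $reason = upload_rejection($n, $strictList);
    printf("%-16s naive(weak list)=%-5s hardened=%s\n",
        $n,
        naive_allows($n, $weakList) ? 'allow' : 'deny',
        $reason === null ? 'allow' : 'deny (' . $reason . ')');
}
```

Setting `AllowOverride None` for the upload directory in the main Apache configuration makes Apache ignore any .htaccess file that still ends up there.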

Hexife commented Nov 22, 2018

I got the CVE for this vulnerability - CVE-2018-19424.
