An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
- We found a file upload vulnerability when uploading a malicious file on the Update Branding Settings page.
https://github.com/bypazs/GrimTheRipper/blob/main/GrimTheRipperTeam.svg
- Snipe-IT Version v6.0.2
- Google Chrome Version 102.0.5005.61 (Official Build) (64-bit)
- Affected: Branding Settings page, Favicon tab (http:///uploads/malicious_file.svg)
- Login to the target application with admin privileges.
- Click the gear icon in the upper right corner.
- Select the "Branding" menu.
- At Favicon, click "Select File".
- Browse to the file containing the prepared XSS payload.
- Click "Save".
- After the success message appears, select the "Branding" menu again.
- Right-click and select "Open Image in New Tab"; the XSS payload is executed.
Grim The Ripper Team by SOSECURE Thailand
- 2022-05-27: Vulnerability discovered.
- 2022-05-27: Vulnerability reported to the MITRE Corporation.
- 2022-05-27: Public disclosure of the vulnerability.
- 2022-07-08: CVE has been reserved.
Reference: