This repository has been archived by the owner on Dec 18, 2022. It is now read-only.
cve-pocs/CVE-2022-23346/

Vulnerability

BigAnt Server version 5.6.06 suffers from Unrestricted Upload of File with Dangerous Type.

Prerequisites

Exploit

Example 01: Cloud Disk

Users can upload files with malicious extensions, in this example .php, via the Cloud Disk add-in


By leveraging the 'Share File' feature, users can determine the path and file


Combined with improper access control, users can find the path and file name needed to access it


This can be used to gain remote code execution as system


Example 02: Broadcast

Users who have the ability to send Broadcasts can upload files with malicious extensions, in this example .php


Viewing the details of the broadcast shows only the file


Viewing the source code reveals the actual path of the file. Combined with insecure access control, the file can be accessed without authentication by any user to gain remote code execution as system
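
A server-side check that addresses the upload weakness in both examples above, as an added example (not BigAnt's code and not part of the author's PoC): the extension is allow-listed after normalizing the client-supplied name, and the file is stored under a random server-chosen name. The names `ALLOWED_EXTENSIONS`, `safe_extension`, `store_upload` and `storage_dir` are hypothetical, and the allow-list contents are constructed.

```python
import os
import secrets
import tempfile

# Assumption: the extensions this deployment needs to accept (constructed list).
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".docx"}


class UploadRejected(Exception):
    """Raised when an uploaded file name fails validation."""


def safe_extension(client_name: str) -> str:
    """Return the normalized extension of a client-supplied name, or raise."""
    # Drop any directory part the client sent (both separator styles).
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # NUL bytes and ':' (NTFS alternate data stream syntax) have no place
    # in an upload name, so reject them instead of trying to clean them.
    if "\x00" in base or ":" in base:
        raise UploadRejected("illegal character in file name")
    # Windows ignores trailing dots and spaces when it creates the file,
    # so strip them before looking at the extension.
    base = base.rstrip(". ")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext or '(none)'} is not allowed")
    return ext


def store_upload(client_name: str, data: bytes, storage_dir: str) -> str:
    """Store data under a random server-chosen name and return that opaque ID."""
    # Assumption: storage_dir is outside the web root and downloads go through
    # an authenticated handler that maps the ID back to the file.
    ext = safe_extension(client_name)
    file_id = secrets.token_hex(16) + ext
    # 'xb' refuses to overwrite an existing file.
    with open(os.path.join(storage_dir, file_id), "xb") as fh:
        fh.write(data)
    return file_id


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print("stored as", store_upload("report.pdf", b"%PDF-1.4", d))
        try:
            store_upload("page.php", b"x", d)
        except UploadRejected as exc:
            print("rejected:", exc)
```

Because the stored name is random and carries only the validated extension, the client-supplied name never reaches the file system, and the ID alone should not grant access without an authorization check in the download handler.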


Timeline

12-01-2021: Submitted vulnerabilities to vendor via email
12-01-2021: Vendor responded asking for more details
12-02-2021: Responded to vendor with additional details
12-02-2021: Vendor responded stating they were looking into the vulnerabilities
12-29-2021: Emailed vendor, no response
01-11-2022: Emailed vendor, no response
01-12-2022: Requested CVEs
01-28-2022: CVEs assigned, no response from vendor
02-26-2022: Emailed vendor, no response
03-21-2022: PoC/CVE published

Reference

MITRE CVE-2022-23346
BigAnt Software

Disclaimer

Content is for educational and research purposes only. Author doesn’t hold any responsibility over the misuse of the software, exploits or security findings contained herein and does not condone them whatsoever.