- Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE
- Date : 5/18/19
- Exploit Author : liquidsky (Joseph McPeters)
- Vulnerable Software : eLabFTW 1.8.5
- Vendor Homepage : https://www.elabftw.net/
- Version : 1.8.5
- Software Link : https://doc.elabftw.net/
- Tested On : Linux / PHP Version 7.0.33 / Default installation (Softaculous)
- Author Site : http://incidentsecurity.com | https://github.com/fuzzlove
- CVE : CVE-2019-12185 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12185
- Greetz : wetw0rk, offsec ^^
- Description: eLabFTW 1.8.5 is vulnerable to arbitrary file upload via the /app/controllers/EntityController.php component, which may result in remote command execution. An authenticated attacker with an ordinary user account can fully compromise the system with a single POST request: PHP files can be written into the web root and then executed on the remote server.
- Notes: Once this is done, a PHP shell is dropped at https://[target site]/[elabftw directory]/uploads/[random 2 alphanum]/[random long alphanumeric].php5?e=whoami. You will have to visit the uploads directory on the site to see what the file name is; however, there is no protection against directory listing, so an attacker can do this remotely.
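A defender-side check that follows from the notes above, added here and not part of the original advisory: it walks an eLabFTW uploads tree and flags files a PHP handler could execute (by suffix, including the .php5 extension named above and double extensions such as x.php.jpg) or that carry a PHP open tag behind an innocuous extension. The uploads layout is taken from the advisory; the extension list and the sample tree are constructed assumptions.

```python
# Audit an eLabFTW uploads tree for files a PHP handler could execute.
# Added defensive example for CVE-2019-12185, not part of the original advisory.
# Layout assumed from the advisory: uploads/<2 alnum>/<alnum>.<ext>.
# PHP_EXTENSIONS is an assumption about common Apache/PHP handler setups.
import os
import tempfile
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}

def risky_extension(name):
    """True if any dotted suffix is PHP-executable: catches x.php5 and also
    x.php.jpg, which some Apache AddHandler configurations still run as PHP."""
    return any("." + part in PHP_EXTENSIONS for part in name.lower().split(".")[1:])

def has_php_tag(path, limit=4096):
    """True if the first `limit` bytes of the file contain a PHP open tag."""
    with open(path, "rb") as fh:
        head = fh.read(limit)
    return b"<?php" in head or b"<?=" in head

def audit_uploads(uploads_dir):
    """Return sorted (relative_path, reason) pairs for suspicious files."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
            if risky_extension(name):
                findings.append((rel, "php-executable extension"))
            elif has_php_tag(path):
                findings.append((rel, "php open tag inside non-php file"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample data (not real uploads) mirroring the advisory's layout."""
    base = tempfile.mkdtemp(prefix="elab_uploads_")
    samples = {
        "a1/3f9c1e7b2a0d4c.pdf": b"%PDF-1.4 ordinary attachment",
        "a1/8d2b77c0e4f19a.php5": b"<?php echo 'dropped'; ?>",
        "f7/c0ffee1234abcd.jpg": b"\xff\xd8\xff\xe0 <?php echo 'hidden'; ?>",
        "f7/e3e3e3e3e3e3e3.php.jpg": b"GIF89a",
    }
    for rel, content in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return base
```

Run `audit_uploads` against the real uploads directory on a schedule or from a file-integrity job; any finding is a strong indicator that the upload path has been abused.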