File Upload to RCE in DEXT5Upload 2.7.1402870 by xcuter
kbgsft edited this page Jun 6, 2020
·
6 revisions
1. Summary
- DEXT5Upload is a web component that can transfer large files.
- A Remote code execution(RCE) vulnerability exists in DEXT5 Upload 2.7.1402870(last version) and earlier. An attacker can upload a malicious PHP/JSP/ASP/ASPX file via the dext5handler handler. In addition, The recently added SetUploadCheckFileExtension() function can also be bypassed.
- CVE : CVE-2020-13442
2. Payloads
- dext5CMD --> uploadPRequest
- fileToUpload --> filename --> malicious.php
- fileNameRule --> (null)
- fileNameRuleEx --> (null)
- and some...
3. Proof
4. How to find this vulnerability?
-
The "Web Security Checker" automatically diagnoses vulnerabilities in web services. It can diagnose the following vulnerabilities : SQL Injection, XSS, LFI, RFI, SSRF, File Upload, File Download, XXE, Command Injection, File management, Direcroty Listing, Source Code Disclosure, URL Redirection, Insecure SSL/TLS, Mixed Content, Specific Vulnerabilities(CVE ShellShock, etc.)
-
5. Discoverer
- Kang Bong Goo( xcuter ) in NBP( NAVER BUSINESS PLATFORM )
- Security Engineer
- Service : https://www.ncloud.com, https://www.naver.com



